Data Security

Link to – TERMS OF PURCHASE


PRIVACY PROTECTION, DATA SECURITY AND COOKIES


We are pleased that you have shown interest in Mala od lavande :).
At the outset, we would like to emphasise that the protection of personal data is extremely important to us, and we take every possible measure to protect it in the best possible way.
The protection, collection and use of personal data by Mala od lavande has been brought into line with the conditions set by the European Commission for the implementation of the GDPR regulation (General Data Protection Regulation).

PAYMENT DATA SECURITY

Statement on the security of online payments

When paying on our web shop you use CorvusPay – an advanced system for the secure acceptance of payment cards over the Internet.

CorvusPay ensures the complete confidentiality of your card details from the moment you enter them into the CorvusPay payment form. Payment data is transmitted encrypted from your web browser to the bank that issued your card. Our shop never comes into contact with the full data of your payment card. The data is also inaccessible even to CorvusPay system staff. An isolated core independently transmits and manages sensitive data, keeping it fully secure.

The payment data form is secured with the highest level of SSL transport encryption. All stored data is additionally protected by encryption, using a cryptographic device certified to FIPS 140-2 Level 3. CorvusPay meets all the requirements for online payment security prescribed by the leading card brands and operates in accordance with the PCI DSS Level 1 standard – the highest security standard in the payment card industry. When paying with cards enrolled in the 3-D Secure programme, in addition to the card's validity, your bank also confirms your identity using a token or password.

Corvus Info treats all the information it collects as a banking secret and handles it accordingly. The information is used exclusively for the purposes for which it is intended. Your sensitive data is entirely safe and its privacy is guaranteed by the most up-to-date security mechanisms. Only the data strictly necessary for business operations is collected, in accordance with the strict procedures laid down for online payment.

The security controls and operating procedures applied to our infrastructure ensure the constant reliability of the CorvusPay system. In addition, by maintaining strict access control, regular security monitoring and in-depth checks to prevent network vulnerabilities, and by systematically implementing information security provisions, they continuously maintain and improve the level of system security by protecting your card data.

When paying via the fast money transfer service PayPal , no payment data is stored.


STATEMENT ON THE PROTECTION AND COLLECTION OF PERSONAL DATA AND THEIR USE

Privacy protection describes how the Seller handles your personal data received during the use of the online shop.
Personal data means your identification data: name and surname, e-mail address, home address and telephone number, i.e. data that is not otherwise publicly available but which the Seller learns during your use of the online shop.

The Seller will keep your personal data confidential and will not distribute, publish, pass on to third parties or in any other way make it available to any third party without your prior consent.

All customer data is strictly protected and available only to staff who need this data to perform their work.
Mala od lavande and its business partners are responsible for observing the principles of privacy protection.
We undertake to provide protection of the personal data of customers in such a way that only basic data of customers that is necessary for the fulfilment of our obligations is collected.
Data that is automatically recorded when the website is accessed and that is not personal data (domain name, browser type, number of visits, time spent on pages and similar) may be used by Mala od lavande only to assess the visit to the website and to improve its content and functionality.
Mala od lavande informs customers of the way in which the collected data is used and gives them the option to decide whether or not their name is to be removed from the list used for marketing campaigns.
In the event of a change in any of the personal data (e.g. place of residence, delivery address) recorded at registration, the customer is obliged to reflect the change in the user data.
If the customer does not make the change, Mala od lavande is not liable for any deficiencies in the order or delivery of products.
The above provisions on the protection of personal data apply exclusively to the home page of the web shop malaodlavande.com and to all pages within the malaodlavande.com domain, and not to external pages that are referred to by links from the malaodlavande.com domain.

1. What basic data do we collect through this website and how?


At registration we collect only the personal data you wish to give us, or those that are necessary for us to provide (and improve) our services. We collect direct personal data such as name, surname, address and e-mail address, telephone/mobile phone number, as well as indirect data such as "Cookies" (tracking), connection and system information.

When you subscribe to the Newsletter, your e-mail address is used to communicate with you so that we can deliver information about promotions, news, giveaways and other important changes in our business to you in good time, until you unsubscribe from the Newsletter service. In addition, we use your e-mail address for our own advertising. You can unsubscribe at any time.

Likewise, you can start a career at Mala od lavande by applying for an open vacancy or by sending your CV to our e-mail address info@malaodlavande.com.

You can be confident that Mala od lavande takes all the necessary measures to keep the personal data you send us secure.

2. How do we manage to keep your personal data safe?


Mala od lavande takes all necessary measures to keep your personal data secure. Only authorised staff of Mala od lavande, partner companies that are service providers and our business partners (CorvusPay – card payments, DPD courier service) – that is, authorised staff who have contractually undertaken to keep all data confidential – have access to your personal data.
Employees of Mala od lavande who have access to your personal data must abide by the rules of the Privacy Statement, and all business partners who have access to your personal data have signed a data protection agreement.
Contracts have also been signed by partner companies that have access to your personal information, so that this information remains secure. In order to ensure that your personal data is protected, Mala od lavande is constantly upgrading its IT system and in this way has appropriate measures in place to prevent unauthorised access (e.g. hacking).

As an example of how we underline our commitment to protecting the security of our customers' data, and in order to further improve security and ensure reliable protection of your personal data, we have purchased a certificate from Comodo CA – PositiveSSL. The certificate is registered in the name of our company, Angara d.o.o., thereby guaranteeing the authenticity and integrity of our online shop.

The use of the PositiveSSL certificate ensures encryption of the data you exchange with our website, providing you with safe and secure shopping. This additional layer of security enables you to use our service without worry, knowing that your data is protected and your privacy preserved.

3. For what purposes do we use your personal data?


Your personal data will be used exclusively for the purposes of our business, as well as for managing, supporting and obtaining feedback on the service provided, and to prevent the violation of security, laws or terms of the contract.

4. To whom do we disclose your data and why?


Mala od lavande will never share your personal data with business associates who intend to use it for direct marketing purposes, unless you have given us specific permission to do so.

In particular:
(i) direct marketing by e-mail,
(ii) You have the right at any time to request that we stop contacting you by electronic mail for marketing purposes, and also
(iii) you have the right to request the deletion of personal information from our systems


Mala od lavande may share your personal data with contractual partner companies so that we can provide you with the best possible service.

These are:

CorvusPay – Online gateway for card payments
DPD – leading courier service provider
KEKSpay – Online gateway for card payments
Pick & Pack – courier service provider



We may forward your personal data to state bodies and law enforcement agencies in the following situations:
(i) we are obliged to do so by the requirements of any applicable law;
(ii) if such action is necessary for the conduct of legal proceedings;
(iii) in responding to any legal requests or actions;
(iv) where this is in accordance with legal requirements or actions, or in order to protect the rights of Mala od lavande or its clients and the public.

5. How can you see, check, change or delete the personal data you have sent us?


If you subscribed to the Newsletter independently of registering on the web shop, there is an "Unsubscribe" option at the bottom of each message, via which you can unsubscribe; or send us an e-mail to info@malaodlavande.com and we will do it for you. If you are a registered user on our web shop, simply go to your "User profile" and uncheck the option indicating that you no longer wish to receive the newsletter.

In addition to being able to change your data in your user profile, we have added two new options. 1. "Data we use" where you can read in short where we use your data. 2. "My personal data" – here you are offered the option to download all your data in PDF and CSV format, along with a notice that you can send a request for the forgetting or deletion of your data to info@malaodlavande.com.

6. 'Cookies' ("tracking technology") – how and why do we use them?


Mala od lavande uses tracking technology ("Cookies") to collect personal data, such as browser and operating system type, associated page, path through the site, ISP domain and similar, for the purpose of understanding how users use the website. Cookies help us adapt this website to your personal needs.

Mala od lavande stores all information collected via 'Cookies' in a non-personally identifiable format. This type of information obtained via 'Cookies' will not be forwarded outside our business or to any specific third parties. It will not be used for unforeseen communications.

'Cookies' placed on your computer do not contain your name. After the user has stopped working on the server.

Please check whether your computer's settings support the option of accepting 'Cookies' or not. You can set your browser to warn you before accepting a 'Cookie' or you can set it to reject them, in which case you will not have access to all of the features of this website. Under the "help" option of your browser, check how to do this. You do not need to have the option of receiving 'Cookies' switched on in order to use many parts of this and other websites. Please remember that if you use different computers in different places, you will have to check whether each browser is adapted to your settings for receiving 'Cookies'.

To make it easier for you to choose when you enter our web shop, a window will appear where you can accept or reject cookies, with the reduced functionality mentioned above if you choose not to use them. Cookies will not be stored until you give consent for them.

The cookies used by the Mala od lavande web shop are:

Session Cookies
Name Domain Path Value
_sp_ses.d1da malaodlavande.com / *
_gat .malaodlavande.com / 1
PHPSESSID malaodlavande.com / hq1ck3hl447rij8shlspb7uu1r

Stored Cookies
Name Domain Path Expiration (days) Value
pixel .yotpo.com / 365 c10dc1b8-7773-4276-7ba4-1cb361020df3
_sp_id.d1da malaodlavande.com / 730 3cfc43abaaa944c8.1614945442.1.1614945449.1614945442
_gid .malaodlavande.com / 1 GA1.2.1825384265.1614945440
_ga .malaodlavande.com / 730 GA1.2.854843797.1614945440
__cfduid .onesignal.com / 30 d6e425e8d6eeabcdc81320c597bae36051614945439
PrestaShop-1c08f5ccd1a4714c2342b60047eae723 .malaodlavande.com / 20 def502002601cc303a2d213deca9320023eb2f1b3466cdf4114cd8e05a3028f


Third-Party Stored Cookies
Name Domain Path Expiration Value
pixel .yotpo.com / 365 c10dc1b8-7773-4276-7ba4-1cb361020df3
__cfduid .onesignal.com / 30 d6e425e8d6eeabcdc81320c597bae36051614945439


Google Analytics – a traffic analytics service for malaodlavande.com
Facebook Pixel – a Facebook service for targeted ad delivery to customers
Onesignal – a service for sending push messages to customers

7. E-marketing


SPAM is the term used for unsolicited e-mail messages containing advertising or marketing materials sent without your consent.

Mala od lavande does not send SPAM e-mail messages. Mala od lavande uses an anti-spam tool in order to protect employees from receiving SPAM messages. Sending e-mail messages without the other party's consent is unlawful in many countries. Mala od lavande will not use your personal data (including your e-mail address) for direct marketing or tracking communications, unless you grant us explicit "OPT-IN" consent.

Furthermore, Mala od lavande will not share your personal data with third parties that would use your personal information to send spam e-mails.

The Mala od lavande websites provide the opportunity to receive marketing information by e-mail. Every e-mail message sent by Mala od lavande will give you the option at any time to stop receiving marketing e-mails.

If for any reason you believe you have received spam e-mail from Mala od lavande, please notify us immediately at the address provided. For details about the address, see question 5 – How can you see, check, change or delete the personal data you have sent us?

8. How long do we keep your personal data?


Mala od lavande may keep personal information that you have sent us via this website in its databases. Your personal data will be kept only as long as necessary to respond to questions or resolve problems, provide better and new services, and in accordance with the provisions of applicable law. This means that we may retain your personal information after you stop using our services or stop using this website. After that period, your personal information will be deleted from all systems within Mala od lavande.

We remind you that you have the right to the deletion of your personal data at any time. Please see question 5 – How can you see, check, change or delete the personal data you have sent us?

9. What is our policy on collecting data from children using our website?


We believe that it is very important to protect the privacy of children in the world of electronic communications, as well as to encourage parents or guardians to participate in and monitor their children's electronic activities.

Websites intended for children

Special note for children under the age of 16

If you are under the age of 16, we advise you to talk to your parent or guardian before leaving any personal data on our websites. If you are not sure you understand something in this section, please ask your parents or guardians for help.

Special note for parents of children under 16

We recommend that parents/guardians regularly monitor and review their children's electronic activity.
Please make sure that your child does not give out personal identification information electronically without your permission.


10. Can we change the terms of the Privacy Policy later?


We reserve the right to amend and correct this notice. Please visit this website from time to time to review new information.

11. Where can I find more information about the legal aspects of our website and my legal rights and responsibilities?


For more detailed information, see the "GENERAL TERMS AND CONDITIONS OF SALE", available by clicking this link, or directly on this page.

12. Through which addresses can I get information if I have additional questions about my personal data?


E-mail address: info@malaodlavande.com
Postal address: Angara d.o.o., Kašinski odvojak 20a, Sesvete, Croatia

Info line: 00 385 92 292 9292

13. What terms with legal definitions are used in the Mala od lavande privacy statement?


Personal information means personal data and any information related to you that can directly or indirectly identify you (on websites this is your regular e-mail address, IP address, etc.).
Processing of personal data means any operation or set of operations performed on your personal data, including collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, blocking, erasure or destruction (i.e. any activity carried out by Mala od lavande that involves the personal information you send us).

14. Retargeting and social networks

Angara d.o.o. processes, via social networks and channels, data on persons who follow published content, like our posts and leave comments. Angara d.o.o. collects data on its contacts on social networks, via which it sends promotions to specific target groups (anonymous data covering gender, age, etc.). Angara d.o.o. uses Facebook Business Tools, Instagram Business and LinkedIn Marketing Solutions. The data we send is data on your activities on the social network, collected via clicks and cookies, and it includes, among other things: information about your devices, purchases you have made, advertisements you have seen, and how you use services (e.g. whether you have a Facebook account and are logged in, etc.). In relation to the processing of personal data carried out for the purposes of the marketing activities mentioned, the social networks are considered joint controllers together with Angara d.o.o. For more information on data processing by the mentioned social networks, please read the Privacy Rules – Facebook, LinkedIn, Instagram.

14a. Newsletter


When you subscribe to the Newsletter, your e-mail address is used to communicate with you so that we can deliver information about promotions, news, giveaways and other important changes in our business to you in good time, until you unsubscribe from the Newsletter service. Personal data collected for the purpose of newsletter registration will be used exclusively for sending our newsletter.

For managing registrations and delivery of the newsletter, we use the Sendinblue platform. Sendinblue exports personal data outside the EU on the basis of standard contractual clauses for the transfer of personal data. The Sendinblue system records newsletter opens and link clicks in order to provide statistics on which content has been of interest to newsletter recipients.

You can opt out of receiving the newsletter at any time by selecting the option to withdraw consent offered in the received newsletter, or by contacting us at info@maladolavande.com. Withdrawal of consent does not affect the lawfulness of processing up to the moment of withdrawal. Subscription to the newsletter is voluntary and the data subject does not bear any negative consequences if they do not give consent or withdraw consent.

If you withdraw your consent, you will no longer receive our newsletter, and unsubscribed e-mail addresses remain on our unsubscribe list for a maximum of 5 years from the day of unsubscribing, to demonstrate compliance with the legal obligations that Angara d.o.o. has under applicable law.

Sendinblue – GDPR

14b. Retargeting Pixel – Facebook social network


This website uses the Retargeting-Pixel Custom Audiences option of the Facebook social network, 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook can add visitors to our website to a target group for Facebook Ads using the Remarketing-Pixels option. For this purpose, a Facebook cookie will be stored on your computer. Other information on the scope and purpose of the data collection, on how Facebook processes and uses the data, and on possible privacy settings, is available in Facebook's data protection guidelines at https://facebook.com/policy.php and https://www.facebook.com/ads/settings. You can reject the use of the Custom Audiences option at www.youronlinechoices.com/de/praferenzmanagement, and if you have a Facebook account you can do so here as well.

14c. Google Analytics


This website uses Google Analytics, a web analytics service of Google Inc. ("Google"). Google Analytics uses cookies, so-called "Cookies", text files stored on your computer, which enable analysis of your use of the website. This website also uses the Google AMP Client ID API application in order to link, via Google Analytics, user activities on accelerated mobile pages (AMP) with user activities on non-accelerated mobile pages. The Google tracking codes on this website use the function "_anonymizeIp()". Because of this, within member states of the European Union or other signatory states across the European Economic Area, the IP address is only processed in shortened form in order to exclude the possibility of direct association with a person. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the owner of this website, Google uses this information to evaluate the use of the website and compile reports on website activities, as well as to obtain for the owner information on other services related to website and internet usage. The IP address transmitted from your browser within the framework of Google Analytics is not associated with other data held by Google. You can prevent the storage of cookies through appropriate settings in your browser's software, but please note that in that case you may not be able to use all the features of this website to their full extent. In addition, you can prevent the collection of information generated by cookies and relating to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser add-ons available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

14d. Facebook


Our website uses so-called "Plugins" for the Facebook social network operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with the Facebook logo or supplemented with "Facebook Social Plugin" or "Facebook Social Plugin". An overview of Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins.
When you call up a page of our web presence that contains such a plugin, your browser establishes a direct connection to Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and becomes part of that page. By means of this connection, Facebook obtains the information that your browser has called up the corresponding page of the web presence, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can then immediately associate our website with your Facebook profile upon your visit. If you interact with the plugins, for example by clicking the "Like" button or writing a comment, this information will immediately be transmitted directly to a Facebook server and stored there. In addition, the information will be published on your Facebook profile and shown to your Facebook friends.
Facebook may use this information for advertising purposes and to tailor Facebook pages to needs. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. in order to evaluate your use of our website in connection with the advertisements shown to you on the Facebook page, to inform other Facebook users about your activities on our website, and to provide other services associated with the use of the Facebook network. If you do not want Facebook to associate the data collected about our web presence with your Facebook account, you must log out of Facebook before visiting our website.
You can find the purpose and scope of data collection and further processing and use of data by Facebook, as well as your rights in relation to it and the options for setting privacy protections, in Facebook's privacy guidelines: http://www.facebook.com/policy.php.
If you do not want Facebook to associate the data collected about our web presence directly with your Facebook profile, you must log out of Facebook before visiting our website. You can completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. using "Facebook Blocker" (https://www.comparitech.com/blog/vpn-privacy/stop-facebook-tracking/).

15. IMPORTANT – Why do I have to accept the terms of the Data Security Statement?


This Privacy / Security Statement provides you with all the necessary information (in a simple way), so that you can choose whether to use this website and whether to send your personal data to Mala od lavande or not.
Accordingly, when visiting our website, as well as when communicating by electronic means, you accept and consent to the processing of your personal data in the manner defined in this Data Security Statement.

If you are interested in us providing certain services (contests, newsletter, new product details, etc.), we will need to take additional direct personal data from you (name, address and e-mail address). In that case, we will ask for your consent for the collection and use of your personal data, which will be used exclusively for the purpose for which you have provided it to us.
If you have any questions about this Privacy Statement, please contact Mala od lavande at the address provided in question 12 and we will be glad to answer you.

Your cart

There are no more items in your cart