VEMUCON LIMITED is a Company incorporated under Irish law with Company Number 679396 (the”Company”). We are fully compliant with the General Data Protection Regulation (“GDPR”) and all applicable legislation made in the Republic of Ireland thereunder.
Our Data Protection Representative is Aoife Conway who can be contacted at firstname.lastname@example.org
What Data do we collect?
Our Company collects personal data comprising personally identifiable information from our vendors, customers, subscribers and other visitors to our website including the following;
- Email address
- Telephone number
- Social Media Profile details
We do not collect sensitive personal data as defined in the GDPR. We do not collect financial information.
How do we collect your Data?
The Company collects data from vendors, customers, subscribers and other visitors to our website (“Data Subjects”) and processes it in in accordance with our business as a multi-vendor platform for provision of goods and services by our vendors and purchase of goods and services by our customers.
We will collect data from our Data Subjects via our website and any communication which you make to us. The Company will operate as a Data Controller in respect of the personal data supplied by its Data Subjects. We will collect personal data about you upon subscription to our website, via orders made by you through our website, contact forms, testimonials, reviews, and any other interaction which you may have with our website. We also collect personal data from records of our correspondence, telephone calls, emails, details of your visit to our website, publicly available information including social media and through use of browser cookies.
Our Company will collect data primarily by way of direct production of same by our Data Subjects. On occasion we may also receive your data indirectly via publicly available information including on social networking sites.
How will we use your Personal Data?
Our Company collects your data so that we can;
- Enable our vendors to advertise and sell their goods and services on our website.
- To process a request to subscribe to our website and issue communications to you.
- To enable you and us to manage your account and any order for the provision of goods and services.
- To process an order from you for goods and services from our vendors including delivery of that order by the relevant vendor.
- To contact you with special offers on other products and services which may be of interest to you.
- To engage with you and respond to any requests which you may have.
- To improve our level of service
- For general marketing purposes which are in the legitimate interest of our business
- To verify your identity for security purposes
- To enable us to provide our goods and services and to provide you with suggestions and advice on products, services and how to obtain the most from using our website.
- Record keeping for the proper and necessary administration of our business.
- Protecting and asserting the legal rights of any party including in particular our customers and vendors.
Basis of processing Data
The Company will process data on behalf of natural persons comprising their Data Subjects and will ensure that your data is processed in a lawful, clear and transparent manner at all times for a specific and legitimate purpose in compliance with GDPR. The Company relies on the following legal basis for the processing of data.
- Processing necessary for the performance of a Contract
- Processing necessary for the compliance with a legal or statutory obligation
- To protect a vital interest of a Data Subject
- With the consent of the Data Subject for one or more specific and legitimate purposes.
- Processing necessary for the purposes of the legitimate interest pursued by the Controller or a third party except where such interest is overridden by the fundamental rights and freedoms of the Data Subject.
Where we rely on the legitimate interest of the Company for the processing of the personal data, we will take all reasonable measure to ensure that the interests of the Data Subject are protected. The legitimate interests of the Company in this context include direct marketing, prevention of fraud and information system security.
We will rely on our legitimate interests as a company to process your data for direct marketing purposes. We consider it to be a legitimate interest of our company in promoting its services, products and in the administration operation of our business. Any such processing will not be carried out where such interest is overridden by the rights and freedoms of the Data Subject. In all direct marketing communications, we will give an unsubscribe option. A Data Subject can unsubscribe at any time.
We will only rely on consent as the basis for processing in limited circumstances. In particular, we will rely on your consent for the processing of cookies and for your subscription to our website (in the event that no order has been made). Where consent is utilised as the basis for processing, such consent can be withdrawn at any time. In that event, we will cease processing your data, unless there is a separate basis upon which we can rely to process your data, such as same being necessary for the performance of the contract between us or necessary for us to comply with our legal and statutory obligations.
How do we store your Data?
The Company 20i, securely stores your data on Server in the UK. We will ensure the appropriate, technical and organisational measures are put in place commensurate with the level of security required for the data held on your behalf. We will use all appropriate and reasonable measure to ensure integrity and confidentiality of the personal as maintained at all times.
Our Company would like to send marketing information to you about the products and services which we think will be of relevance to you. We now give the option to opt out of marketing at the checkout but if you wish to unsubscribe at any stage, please contact email@example.com and she will arrange this for you. You have a right to object to our processing your data for direct marketing purposes at any stage.
Sharing of Personal Data
It will be necessary for us to share your personal data with third parties in certain circumstances to enable us to comply with our legal and statutory obligations and to perform the contract between us. In particular, we will need to share your personal data with our vendors in the event that you make an order, and with the customers in the event that a customer orders from you. In that regard, our vendors may act as data processors in certain circumstances where necessary to give effect to the order made. Where vendors act as data processors, they will process your personal data in the manner required to affect the transaction but not otherwise. In that context, either our vendors will need to share your personal data with any courier partners to enable the contract to be performed and they are permitted to do so under the vendor terms. We may also need to share your personal data with sub-contractors, or third parties required to give effect to the contract to purchase any goods or services.
We may share your data with third party service providers that we engage to send emails or postal mail on our behalf in relation to marketing communications including Mail-Chimp or Sendinblue. We may also utilise certain independent feedback providers via our site and your personal data may be shared in that context.
For the avoidance of doubt, we do not process any financial information. In particular, in the event that you make a payment via our website, you are on notice that any such payment provider is an independent third party. We do not store, or process payment information and any such processing is subject to the terms of the relevant payment provider. It is incumbent upon you to review the privacy terms attached to such payment provider as they independently process financial data on your behalf.
We may also share your data with our professional advisors where necessary including lawyers, bankers, auditors and insurers who provide professional services necessary for the operation of the business of the Company.
We do not propose to transfer personal data to any parties not resident within Europe save in the event that it is necessary for completion of the contract between us.
In the event that you post a review on our website, any such information will be available publicly and accordingly any personally identifiable information will be shared with any third parties who view the review or any reply thereto. We will store and process this information however will not otherwise share that information save by way of the public forum on which you will post.
The Company will keep your data for no longer than necessary for the purpose for which the data was provided taking into account the basis for processing the data. In particular, we may retain certain administrative records in compliance with our own legal obligations regarding the performance of the contract between us for a period of three years following completion of the order. In the event that there is any notice of a potential claim against the Company, we shall be entitled to retain any such personal data until the claim is resolved. We will also retain your personal data for a period of one year after termination of your subscription to our website, unless you otherwise request that we delete same.
Rights of Data Subject
You have the following rights under the GDPR, in certain circumstances and subject to certain exemptions, in relation to your personal data:
- Right to access data – you have the right to request a copy of the personal data that we hold about you together with other information about our processing of that personal data.
- Right to rectification – you have the right to request that any inaccurate data that is held about you is corrected or if we have incomplete information you may request that we request that we update the information such that it is complete.
- Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as a right to be forgotten.
- Right to restrict processing or object to processing – you have the right to request that we no longer process your personal data for particular purposes or object to our processing of your personal data for a particular purpose
- Right to data portability – you have the right to request us to provide you or a third party with a copy of your personal data in a structured commonly used readable format.
- Right to object to processing – you have the right to object to processing of data under certain conditions.
If you wish to exercise any of the rights set out above, please contact Aoife Conway at firstname.lastname@example.org
We ask that you ensure that all data which you furnish to us is kept accurate and up-to-date at any stage.
If we were processing personal data on the basis of your consent, you may withdraw consent at any time. This does not affect the lawfulness of processing which should take place prior to its withdrawal.
You can object to the processing of your personal data for direct marketing purposes at any stage. If you are unhappy with how we process your personal data we ask that you contact us so that we can rectify the situation. You may lodge a complaint with the Supervisory Authority of the Irish Supervisory Authority of the Data Protection Commission.
- Keeping you signed in.
- Understanding how you use our website.
- To track or use our website.
- To record whether you have seen any specific messages we display on our website.
- To keep you signed into our website.
- To record your answers to surveys and questionnaires on our site while you complete them.
- To record the conversations had during live chat/support chat with our support team and with vendors.
- Data analytics including geographical location, ISP and IP address.
- For re-marketing purposes.
Automated decision-making and profiling
We do not use personal data for the purposes of automated decision-making or profiling.
Changes to this Privacy Notice
Date 6th May 2021