Dear valued customer,
1. WHO IS RESPONSIBLE FOR HANDLING YOUR PERSONAL DATA
1.1. Sofa Yoga (hereinafter referred to as the “Sofa Yoga”, “Company” “we”, “us”, “our”) is a brand name used and operated by a business entity Wire Salad OÜ, which is a limited liability company incorporated under the laws of Estonia (company reg. No. 16105764) with a registered address at Harjumaa, Tallinn linn, Juhkentali tn 8, 10132 Estonia, European Union.
1.2. We care about the protection of your personal information and follow the requirements of applicable data protection laws protecting information about you at our Company.
2. WHAT INFORMATION WE COLLECT ABOUT YOU AND WHY
|Why do you collect information about me?||Which information do you collect about me?||Why are you legally allowed to collect my information?||How long do you keep information about me?|
|1.1. For processing your purchase requests on our Website;||First name, last name, delivery address, telephone number, email address, information about your paid purchase price and currency.||We conclude and execute a contract with you (Art. 6 (1) (b) of the General Data Protection Regulation – GDPR).||1 year after you make a purchase on our website.|
|1.2. To process payments on the website;||First name, last name, delivery address, telephone number, email address, information about your paid purchase price and currency, your credit card brand, type, BIN number, and credit card issuer country.||We conclude and execute a contract with you (Art. 6 (1) (b) of the GDPR) upon which we need to collect payments from you.||As long as you have a subscription for our Services and 1 month after you terminate your subscription.|
|1.3. To provide you with our personalized Services – generating personalized yoga routines and plans;||Gender, age group, skin type, personal preferences with regards to the desired results of the Sofa Yoga routine.||We conclude and execute a contract with you (Art. 6 (1) (b) of the GDPR) upon which we undertake to provide you with services.||As long as you have a subscription for our Services and 6 months after you terminate your subscription.|
|1.4. To track your progress while using our services and developing our existing or new products or generating new plans for you;||Your progress information, your feedback messages and other communication which you share with us.||We conclude and execute a contract with you (Art. 6 (1) (b) of the GDPR) and we have a legitimate interest (Art. 6 (1) (f) of the GDPR) to develop and provide high quality services to you.||As long as you have a subscription for our Services and 6 months after you terminate your subscription.|
|1.5. To provide you with personalized offers, marketing materials, and special discounts;||IP address, email address, telephone number.||You agreed to that (Art. 6 (1) (a) of the GDPR)||1 month after you visit the Website.|
|1.6. To ensure security of our Website and continuously improve it for you – where you visit our website.||IP address or other device address or ID, web browser and/or device type, hardware and software settings and configurations, the web pages or sites that you visit just before or just after visiting the Site, the pages you view on the Site, your actions on the Site, and the dates and times that you visit, access, or use the Services. When you use the Site on a mobile device, we may also collect the physical location of your device by, for example, using satellite, cell phone tower or wireless local area network signals.||We have a legitimate interest (to ensure security of our website) (Art. 6 (1) (f) of the GDPR).||1 month after you visit the Website.|
|1.7. To manage our accounts on social media - where you interact with us via our social media accounts||Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about Company’s rating, comments on a post, post shares, information about post reactions.||You agreed to that (Art. 6 (1) (a) of the GDPR)||2 years|
|1.8. To manage our services and product customer reviews, testimonials and other feedback.||Name, surname, e-mail address, image/picture associated with your account, time and date when the message was received, the content of the message.||You agreed to that (Art. 6 (1) (a) of the GDPR)||2 years after receiving your feedback or message.|
|1.9. To handle queries, requests and complaints submitted by you – where you submit one.||Firs name, last name, e-mail address, country, telephone number, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, reply to your inquiry||
You agreed to that (Art. 6 (1) (a) of the GDPR)
We have a legitimate interest to do that (to handle your queries) (Art. 6 (1) (f) of the GDPR)
|2 years from the moment your last inquiry was received.|
|1.10. To contact you in case of unfinished order, or when your order or payment was not successfully processed due to technical errors.||First name, last name, email, telephone number, contents of the abandoned cart||
We conclude and execute a contract with you (Art. 6 (1) (b) of the GDPR)
We have a legitimate interest to do that (to process orders and payments) (Art. 6 (1) (f) of the GDPR)
|1 month after unsuccessful purchase order is placed on the Website|
|1.11. To protect our rights and interests in legal proceedings||Information listed under Paragraph 2.1 above, documents and attachments sent to you, documents and attachments submitted by you, procedural documents, court rulings, resolutions, decisions||We have a legitimate interest (to defend Company's rights in legal proceedings) (Art. 6 (1) (f) of the GDPR)||10 years following the termination or your account with our website or, in case legal processes were initiated, following termination of such legal processes|
|1.12. To protect our rights and interests in criminal proceedings||If a criminal case arises we can collect information about criminal offenses and convictions of the offender||Data is necessary for the establishment, exercise or defense of legal claims (Art. 9 (2) (f) of the GDPR)||10 years following the termination or your account with our website or, in case legal processes were initiated, following termination of such legal processes|
3. WHICH INFORMATION DO YOU HAVE TO PROVIDE US WITH
Please refer to Section 2 above - you have to provide us with the information which we need to process your purchase requests that you submit on the Website, as well as to handle your inquiries, requests, claims, testimonials, providing personalized services etc.
Please be noted that we will be able to provide you with quality services only if we have correct and accurate information about you. If you fail to provide us with true and accurate information or would not provide the required information intentionally – we will take no responsibility for the quality or fitness of our services.
4. WHAT DO WE DO WITH YOUR INFORMATION
We use your information for the purposes specified in Section 2 above. These are the main group of actions that we do with your personal information:
(a) We use your information to process your purchase request and provide you with your purchased services;
(b) We use your information to send you marketing and promotional materials;
(c) We use your information to contact you from time to time to inform you about discounts, specials deals, or personalized offers, or to provide general information and updates about our services;
(d) We use your information for compliance with the applicable laws - for example we must save your personal information records for accounting or for substantiation of the user reviews, in case you would leave us your review/feedback of services;
(e) We might transfer your personal information to third parties that are our service providers or business partners, when that is needed for fulfilling your order, or when that is necessary for protecting our rights.
5. SHARING YOU PERSONAL INFORMATION
5.1. We share your personal information with the following subjects:
(a) Payment processing companies (Stripe Inc., PayPal Inc.) and banks to which your paid amounts are transferred for us;
(b) attorneys, attorney's assistants, notaries, bailiffs, auditors, consultants, IT service providers, electronic communications service providers, insurance companies, archiving services, and other subjects that provide services to the Company;
(c) courts, law enforcement, and other state institutions, when we are required by law to do so, or if you violate this Policy or Terms & Conditions of the Website;
(d) third party partners to verify your identity in connection with your use of certain aspects of the Website;
(e) Our marketing partners to deliver you with personalized marketing content;
(f) Our Website online store management system service provider;
(g) Analytical tools service providers (such as Google Analytics).
5.2. We use Stripe and PayPal for processing your online payments and whenever you will choose a direct payment gateway to complete your purchase, then the payment processing companies may store your credit card information. In no case Sofa Yoga will not save or store any of your credit card data as we will only receive a tokenized confirmation whether your payment was successful or not. Any credit card information that you would provide on the Website will be transferred to the payment processing company in encrypted form through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our Website.
5.4. In most cases personal data are processed and transmitted in the territory of the European Union and the European Economic Area, however sometimes it is necessary for us to transfer your details to our service providers that are located outside European Union. We always make sure to have appropriate agreements covering data processing provisions and we perform regular audits to make sure that the third parties, located outside of the EU, are following GDPR rules. When this is permitted by law and is required for the reasons given in this policy, we may disclose information about you to third parties that are located in the United States and are compliant with EU-U.S. Privacy Shield Framework. You may download a copy of the EU-U.S. Privacy Shield Framework at https://www.privacyshield.gov/EU-US-Framework.
6. INFORMATION SECURITY
6.1. To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
6.2. If you provide us with your credit card information, the information will be encrypted using secure socket layer technology (SSL). Although no method of transmission over the Internet or electronic storage is 100% secure,we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
7. YOUR RIGHTS
7.1. GDPR and other laws provide you with certain rights, procedures for implementation of and exceptions to these rights. When allowed by law, you can:
(a) Submit a request for confirmation that the Company is processing the data related to you. If the Company process the data related to you, request access to the data processed and related information;
(b) Submit a request to correct inaccurate or incorrect information used or to supplement it when it is not complete;
(c) Submit a request to delete the information we have about you if we use it illegally;
(d) Submit a request to restrict the processing of your information – if you dispute the accuracy of the data or object to the processing of the data, if you do not accept that your data would be deleted which was illegally processed, or if you need the data to claim, execute or defend legal claims;
(e) Object to collection, use and storage of your information at our Company – when we process data based on the Company's legal and / or third party interests;
(f) Submit a request to transfer (receive) the data that you provided to us under the contract or giving the consent and which we process by automated means, generally using electronic form;
(g) To withdraw any consents given to us regarding information used about you - when we use the data based on your consent;
(h) To lodge a complaint with a supervisory authority and seek a judicial remedy.
7.2. Whenever we receive your request to exercise any of the rights specified above we may need to verify your identity in order to determine if the request is provided by the person about whom we have personal information and in order to determine your identity. Accordingly, we might ask you for additional information for verification purposes and we would use such information for this verification purpose only.
7.3. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. Our data processing is supervised by Estonian Data Protection Inspectorate, registered office at 39 Tatari St., 10134 Tallinn, Estonia, email email@example.com, +372 627 4135, https://www.aki.ee/.
8. AGE OF CONSENT
8.1. By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
8.2. We do not process any personal data of minors that are 16 years old or younger. If you are a minor as specified herein, we request that you would stop using the Website immediately. We have a right to delete your personal data without separate notification if we have a reason to believe that you are younger than 16 years old.
9.1. Cookies are small text files that are stored by your browser on your device (e.g. computer, mobile phone, tablet) when you browse websites. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. They are widely used to make websites work or work in a better, more efficient way. In this policy, we refer to all of these technologies as cookies.
|Cookie name||Cookie purpose||Cookie expiry|
|This cookie is handled by Pinterest and is used for marketing and tracking purposes.||
|_gid||This cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected is collected in anonymous form and includes the number of visitors, the source where they have come from, and the pages visited.||1 day|
|IDE||This cookie is used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||390 days|
|_fbp||This cookie is installed by Facebook and is used to store and track visits across websites in order to deliver advertisement products such as real time bidding from third-party advertisers.||90 days|
|This cookie is installed by Google Analytics. The cookie is used to store and count pageviews information. The cookie is used for statistics only.||730 days|
|_ga_GGXW1Z45X4||Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.||730 days|
|_hjid||This is a Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID. The user ID is not attributable to any personally identifiable data.||365 days|
|_gcl_au||This is a Google Adsense cookie which is used for storing and tracking data about onsite conversions. The purpose of this cookie is to track the sales count on the Website and its stores browsing behaviour data.||90 days|
|_hjIncludedInSessionSample||This is a Hotjar cookie. This cookie is set to let Hotjar know whether that user is included in the data sampling defined by the Website’s daily session limit. It does not store or collect any personally identifiable data.||Only during the Website visiting session|
|_hjAbsoluteSessionInProgress||This is a Hotjar cookie that is used for identifying the first pageview session of a user. This is a True/False flag set by the cookie and it does not store or collect any personally identifiable data.||Only during the Website visiting session|
|_hjIncludedInPageviewSample||This is a Hotjar cookie. This cookie is set to let Hotjar know whether that user is included in the data sampling defined by the Website’s daily session limit. It does not store or collect any personally identifiable data.||Only during the Website visiting session|
|outbrain_cid_fetch||This cookie determines how the user accessed the Website. This information is used to determine from which traffic source the user was lead to the Website.||Only during the Website visiting session|
This is a Hotjar cookie that is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user on the Website. It is used by Recording filters to identify new user sessions.
|Only during the Website visiting session|
|_gat_UA-185704139-1||This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to.||Only during the Website visiting session|
9.3. You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. For information on how to adjust or change your browser settings, visit www.aboutcookies.org or www.allaboutcookies.org. For information on, policy and control options for third-party cookies, please read cookie policies of such third parties.
11. QUESTIONS AND CONTACT INFORMATION
If you have any questions, inquiries, requests, or complaints regarding our use of your personal information, please contact our customer support at firstname.lastname@example.org or filling in a contact form on the Website (https://sofayoga.com/contact).
You can also send us a post mail at:
Wire Salad OÜ
Harjumaa, Tallinn linn, Juhkentali tn 8, 10132 Estonia, European Union
Phone: +1 928 297 0352