In this document, we provide detailed information on the data we process when you visit our website, and the form in which we process this data. By doing so, we fulfil our obligation to provide information to you in accordance with Art. 13 of the GDPR.
Responsible person and contact details for data protection officer:
The person responsible for the data processing that takes place on our website is:
Dr Linda Lanyon
CEO, Serendipitea AB
Lindaus väg 24
1. PERSONAL DATA
According to the GDPR, personal data means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a postal address, an email address or a phone number.
2. RIGHTS OF DATA SUBJECTS
The General Data Protection Regulation guarantees you certain rights, which you can exercise against us if there are legal grounds for you to do so.
Art. 15 of the GDPR – Right of access by the data subject: You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, which data is being processed and how the data is being processed.
Art. 16 of the GDPR – Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Art. 17 of the GDPR – Right to erasure (‘right to be forgotten’): You have the right to obtain from us the erasure of personal data concerning you without undue delay.
Art. 18 of the GDPR – Right to restriction of processing: You have the right to obtain from the controller restriction of processing.
Art. 20 of the GDPR – Right to data portability: Where we are processing your data based on your consent or to fulfil a contract, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us, or to have the data transmitted to another controller, either directly or indirectly and insofar as it is technically feasible to do so.
Art. 21 of the GDPR – Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on our legitimate interests or required in the public interest, or in the exercise of official authority.
If you object to the processing of your personal data, we will no longer process your personal data unless we can demonstrate that there are compelling grounds to do so which outweigh your interests, rights and freedoms, or where we are required to process your data to file, exercise or defend a legal claim.
If we process your personal data for direct marketing purposes, you have the right to object to such processing of your data at any time. If you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for this purpose.
Art. 77 of the GDPR – Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the applicable regulations.
Please see this resource for more information about your rights as a patient in relation to your personal data under the GDPR: https://www.eu-patient.eu/globalassets/policy/data-protection/data-protection-guide-for-patients-organisations.pdf
If you have granted your consent, you may revoke this consent at any time. In such cases, all data processing that has taken place prior to the revocation of your consent will be deemed legally compliant. To revoke your consent, you may click on the link provided in any email you receive from us to unsubscribe from our email service. You can also change the appropriate setting in your user account or send an email to firstname.lastname@example.org. If you send us a message stating that you no longer wish to receive emails from us, we will not send any further emails to the email address you indicate. If you have any concerns, please email us at email@example.com.
3. DATA USAGE
We use your data to:
Deliver products and services to you
Improve user experience on our website
4. DATA SOURCES
Provided you don’t bare us from doing so, and depending which website functions you select, we collect data from you as follows:
We use "cookies" to enhance the functionality of our Internet site and to make its use more convenient for you. When you enter our website, these “cookies” may be used to store data on your computer. You can adjust the settings on your browser to prevent cookies from being stored on your computer. However this may limit the functionality of our website.
Cookies will be stored on your computer when you are using this website. Cookies are small text files, which are stored on your hard drive in connection with the browser software you use and from which the body (in this case us) setting the cookie, will receive specific information. Cookies cannot execute programmes or transmit viruses to your computer. They simply serve the purpose of making the overall internet offering more user-friendly and effective.
b) Transient cookies are deleted automatically, once you close your browser. These include specifically the so-called session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to a common session. It allows your computer to be recognised when you visit the website next time. Session cookies are deleted once you log out or close your browser.
c) Persistent cookies are deleted automatically after a specified time, which can vary from one cookie to the next. You have the option to delete all stored cookies at any time via the setting options of your browser.
d) You can configure the settings of your browser according to your wishes. Which means you can e.g. refuse to accept third party cookies or all cookies. This setting option may, however, result in you not being able to use this website’s full functionality. You can also change the settings in your browser to ask for your permission every time a cookie tries to access your computer.
When you visit our website, we generally only collect and store personal data that you actively provide to us. However, when you visit our website, your browser will automatically send us data stored in log files, the so-called server log files, which are the following information
Type and version of your browser
Host name (IP address)
Date and time of retrieval
These logfile records are only available for us in an anonymised format and therefore cannot be traced back to individuals. We use them to improve our offering and make our website more user-friendly, to find and fix bugs, and to control server load.
If you send us inquiries via our contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
PERSONALISED TEA FORM
If you send us data via our personalised tea request questionnaire, your information from the questionnaire, including the contact details you provided there, will be stored in order to process the request to create a personalised tea, including any follow-up questions and cost quotation via email. We will not share this information without your consent.
BOOKING AN APPOINTMENT
If you send us information via our appointment booking form, your details from the booking form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. The data will be held for a period of at least 6 months after the appointment in case of follow-up queries. We will not share this information without your consent.
When you register for our newsletter, your email address and your permission is saved and is used exclusively for our own advertising purposes. We never pass data on to third parties. We will use your information until you request to stop receiving the newsletter. You can request to stop receiving the newsletter at any time.
You can register on our website to use additional functions such as information downloads. We use the data entered for the purpose of improving your use of our website, collecting general user statistics, and sending you email communications.
This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and/or the lock symbol in your browser line. If SSL encryption is enabled, the data you submit to us can not be read by third parties.
We store your data,
if you gave us your consent and until you revoke it,
if we need the data to execute a contract and as long as the contractual relationship lasts,
if we use the data on the basis of a legitimate interest, as long as you did not ask us to delete it.
We do not knowingly solicit or collect data from or market to children under 18 years of age. By using the Serendipitea website, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of our website. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at firstname.lastname@example.org.
5. WEB ANALYTICS
As is the norm, we use analysis tools in the form of tracking software to determine the frequency of use and the number of users of our website.
Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
6. THIRD PARTIES
Our website is hosted on the Wix.com platform. Wix.com provides the online platform that allows us to sell our products and services to you. Your data is stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. WIX primary and backup servers are located around the world.
All direct payment gateways offered by Wix.com and used by our company adhere to the Payment Card Industry Data Security Standards (PCI-DSS) managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. Wix is accredited as a PCI-DSS level 1 service provider and merchant. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers, and helps reduce credit card fraud. WIX regularly performs internal security audits to maintain its ISO/PCI security certifications. Click here to learn more.
Wix.com is certified under the EU-US Privacy Shield Framework and the Swiss-US privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, and therefore adheres to the Privacy Shield Principles.
If you opt for payment via credit or debit card, payment will be processed via stripe.com (Stripe Payments Europe Ltd, C / O A & L Goodbody, Ifsc, North Wall Quay, Dublin 1, Ireland, hereinafter "Stripe") Your information provided in the course of the order process in addition to the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) is passed to Stripe. The transfer of your data is solely for the purpose of payment processing. For more information about Stripe privacy, visit https://stripe.com/privacy.
If you opt for payment via PayPal, the provider of this service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). The payment data you provide will be passed to the relevant payment provider in accordance with Art. 6, para. 1(f) of the GDPR. Offering a wide range of convenient payment options to our customers is classed as a legitimate interest. Further information on data processing at PayPal can be found at https://www.paypal.com/webapps/mpp/ua/privacy-full.
Version 1 Effective from 8th March 2021