Data Protection GDPR Policy
MBSFlow is fully committed to complying with the General Data Protection Regulation (GDPR). The GDPR applies to all organisations and sole traders that process data relating to their employees, as well as to others including customers, contractors and clients. It sets out principles which should be followed by those who process data; it gives new and extended rights to those whose data is being processed.
To this end, I fully endorse and adhere to the six principles of data protection, as set out in Article 5 of the GDPR.
- Data must be processed lawfully, fairly and in a transparent manner in relation to individuals.
- Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
These principles must be followed at all times when processing or using personal information. Therefore, through appropriate management and application of processes and controls I will:
- observe the conditions regarding the collection and use of information, including the giving of consent
- meet the legal obligations to specify the purposes for which information is used
- collect and process appropriate information only to the extent that it is needed to fulfil my operational needs
- ensure the quality of information used
- ensure that the information is held for no longer than is necessary
- ensure that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access one’s personal information, to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as incorrect)
- take appropriate security measures to safeguard personal information
- publicise and abide by individuals' right to appeal or complain to the supervisory authority (the Information Commissioner's Office (ICO)) in the event that agreement cannot be reached in a dispute regarding data protection
- ensure that personal information is not shared or transferred abroad without prior written consent
Data Security
We will ensure that:
- personal data is kept securely
- personal information is not disclosed either orally or in writing or via Web pages or by any other means, accidentally or otherwise, to any unauthorised third party.
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
We collect such Non-personal and Personal Information for the following purposes:
- To provide and operate the Services;
- To provide our Users with ongoing customer assistance and technical support;
- To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
- To comply with any applicable laws and regulations.
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
It's important to note that third-party services, such as Google Analytics or other applications offered through the Wix App Market, placing cookies or utilizing other tracking technologies through Wix's services, may have their own policies regarding how they collect and store information. As these are external services, such practices are not covered by the Wix Privacy Policy.
If you don’t want us to process your data anymore, please contact us at andrea@mbsflow.com.
Privacy policy updates
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If you would like to access, correct, amend or delete any personal information we have about you, you are invited to contact us at andrea@mbsflow.com.