Privacy Policy

 

Last update: 15-03-2021

Version: 1.0

Summary

Data Controller Name: Maria Dimech under the brand name of Copper & Plush.

Methods of information collection: when you provide it to us through our website such as signing up and subscribing to newsletters, use of our website through cookies, occasionally through third parties.

Information use: in compliance with legal obligations, to improve our website and products, to prevent fraud.

Information sent to third parties: when required by law, to our platform providers, to payment processors to fulfil their respective service contract.

Information Retention: for a minimum of five years from last customer transaction or account closure as per relevant regulations.

Information sold to third parties: no.

Transfer to countries outside the European Economic Area (EEA): only in specific circumstances we transfer limited personal data outside of the European Economic Area. Copper & Plush will ensure appropriate safeguards and contractual measures are in place.

Use of cookies: strictly necessary (necessary), functional (necessary), and advertising (non-necessary).

Information collected on you: name, email, phone, address, order history, other data that you have provided while contacting us, especially using the contact, or signup forms on our website, data that you have sent to us through an online chat, phone call and email. For marketing purposes and to improve our websites and services, we also collect data sent by your web browser, e.g., information about your browser, your IP address, and your operating system.

Your rights: you may request for information on what personal data we store in relation to you, you may have the data rectified, you may object to the processing of your personal data for direct marketing purposes, and withdraw consent, and you may lodge a complaint and request for an export or transfer of your data in a machine-readable format.

Introduction

As a data controller, Copper & Plush will process personal data from the customer for the purposes of allowing him/her access to use its services.

The purpose of this notice is to inform you about our policies for the collection, use and disclosure of personal information. Your information will not be shared with anyone except for the named parties in this privacy notice.

We reserve the right to update this privacy notice at any time without prior notice. Copper & Plush shall at all times process data in accordance to the privacy notice that you have read at the time of your registration. Upon a change in policy, we will alert you with a website banner notice; your continued use of the website and/or its services will constitute your acknowledgement to the updated notice. Use the “Last updated” date in this notice to determine when it was last changed.

  1. Purposes of the Data Processing

Copper & Plush collects and processes your personal data from your first visit on our website using cookies in order to:

  • Provide you with the services that you seek from our website;
  • Improve our website and services;
  • Ensure the security of our website;
  • Better market relevant content generally, using anonymous or pseudonymized personal data;
  • And, if you have additionally consented to it, market to you specifically, such as through email, phone, SMS remarketing and web retargeting.
  • Beyond these purposes, we process your data only if you have granted consent for its stated purposes including publishing the customer’s first name and/or first letter of last name and/or region for promotional purposes.

 None of the above processing includes automated decision taking.

  1. Cookies and Tracking Pixels on Visit

When you visit the Copper & Plush website, our system automatically collects information about your visit, such as your browser, IP address, and the referring website.

This collection may be done in conjunction with our platform providers and partners (see data recipients list below). We may receive from them general demographic or usage data of our site visitors. We do not use automatically collected information to identify you personally without collecting additional consent.

This information is collected using cookies, embedded hyperlinks, and similar tools. The latest browsers can be set to disable or delete cookies. The list below contains the types of cookies we use and their purposes.

There are two types of cookie that may be used during your visit to our site: 

Session cookies

Session cookies are deleted after each visit to our site. For example, when you are browsing our site, it will remember you for the duration of your visit, but the cookie will be removed from your computer as soon as you close down your internet browser. Session cookies allow you to add an item to the basket and then move through the checkout. Disallowing these cookies via your web browser will mean you are unable to place an order on this site. 

Persistent cookies

Persistent cookies remember you for a set period of time, allowing wishlist and/or previously viewed products to be displayed the next time you visit our site and whether you were logged into your account.

Opt-out: You can configure your browser to disable the Session and Persistent Cookies. This may reduce site functionality.

Google Analytics (Functional Cookies)

Our website uses Google Analytics, a web analysis service of Google, Inc. (“Google”). Learn more from their Terms of Service and Privacy Policy.

Opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here.

  1. Categories of Personal Data

Personal data means any information relating to an identified or identifiable natural person. Copper & Plush collects, processes, or uses the following personal data:

  • Name, email, phone, gender, address, order history;
  • Government identity for customer verification as required by applicable law;
  • Other data that you have provided while contacting us, especially using the contact, or signup forms on our website;
  • Data that you have sent to us through an online chat, phone call and support ticket;
  • Self-exclusion data which include data pertaining to you and your self-exclusion such as your registration and contact data and your self-exclusion info such start and date.

For marketing purposes and to improve our websites and services, we also collect data sent by your web browser, e.g., information about your browser, your IP address, and your operating system.

  1. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The criteria we use to determine what is ‘necessary’ depends on the nature of the particular personal data in question. Our normal practice is to determine whether there is/are any specific EU and/or national law(s) (for example tax or corporate laws) permitting or even obliging us to keep certain personal data for a certain period of time (in which case we will keep the personal data for the maximum period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against us by you and/or third parties and if so, what the prescriptive periods for such actions are.

In the latter case, we will keep any relevant personal data that we may need to defend ourselves against any claim(s), challenge(s) or other such action(s) by you and/or third parties.

Where your personal data is no longer required by us, we will either securely delete or anonymise the personal data in question.

  1. Data recipients

Copper & Plush does not sell or rent personal information to third parties. We do not share your personal information, except as provided in this privacy notice. These employees of copperandplush.com who have access to or are associated with the processing of the customer’s personal information, have signed confidentiality agreements to respect the confidential nature of the customer’s information pursuant to applicable data protection and privacy laws.

5.1 Third parties

We may disclose your personal information if required by law, regulation, or other legal subpoena or warrant. We may also disclose your personal information to a regulatory or law enforcement agency if we believe it to be necessary to protect the legitimate interests of Copper & Plush, its customers or any third party.

Personal data will only be disclosed to third parties in the following cases:

  • Where Copper & Plush is required to do so by law;
  • If Copper & Plush needs to share data with its payment processors to facilitate payment transactions in accordance with their privacy policies;
  • To comply with Copper & Plush’s legal and regulatory duties and responsibilities to the relevant licensing and regulatory authorities as well as all duties and responsibilities owed under any other applicable legislation and to any other applicable regulators in other jurisdictions;
  • When Copper & Plush feels that disclosure is necessary to protect Copper & Plush’s or the customer’s safety, or the safety of others, investigate fraud, or respond to a government request;
  • If Copper & Plush’s marketing service providers require the data to carry out their tasks;
  • to fulfil a compelling legitimate interest of Copper & Plush in a manner that does not outweigh your rights and freedoms;
  • To any other third party with the customer’s prior consent to do so.

We use third-party data processors to process limited personal data on our behalf. Such service providers support Copper & Plush, especially relating to hosting and operating the websites, marketing, analytics, improving the websites, and sending email newsletters. These processors are located outside the European Economic Area. Copper & Plush shall ensure that the transfer of the Personal Data to the recipient is compliant with Applicable Data Protection Legislation and that the same obligations are imposed on the processor as is imposed on Copper & Plush under the respective Services Agreement.

Our websites may also include social media features (e.g., share or like buttons). Such features are provided by third-party social media platforms such as Facebook. Where data is collected this way, its processing is governed by the privacy policy of the respective social media platforms.

Our content may link to third party websites to provide relevant references. We are not responsible for such external content, which may contain separate privacy policies and data processing disclosures.

5.2. Authorised disclosure: If You are suspected to have breached our Terms and Conditions or any applicable laws (for example when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or surpassing fraud Copper & Plush has a right to forward Your Personal Data to the government authorities; share any of Your Personal Data to the relevant regulator; share Your Personal Data with relevant law enforcement and/or crime investigation bodies and assist the same with any type of investigation into your actions; respond to any Court subpoena or order or similar official request for Personal Data.

5.4. International transfer 

Some of your suppliers and partners are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • transfer your personal data is performed to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see here.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see here.
  1. Email communications

An email address collected for purposes of communication or promotion, will be used to contact you and also to send you promotional emails where you have provided your consent to do so. You may revoke your consent to receive emails for promotional purposes any time, by clicking on an unsubscribe link or updating your account preferences on our website. The same applies to third-party marketing communications.

Further, with your consent, we may make use of email tracking technology to obtain data on if you open an email or if you click on links in an email. This data will be used only to help improve future marketing messaging including prioritizing follow-ups based on perceived communications relevance. Without your consent, we will not make use of personal data unique to you, such as your IP address, your device and browser information, or the time and number of times you open an email or click on a link.

  1. Technical and Organizational Data Protection

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In order to comply with GDPR, various technical controls ensure data and information are always encrypted during transit and at rest using industry standard encryption techniques across the board. This ensures availability, confidentiality and integrity at all times. At an organisation level, the handling of all information is governed by our comprehensive Information Security Policies. This is complemented by an information Security awareness programme designed to specifically ensure we embrace security best practices whenever it comes to handling information.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a ‘need to know’ business requirement. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1.  Your Rights Under the Data Protection Laws

8.1 Your Right of Access 

You may, at any time, with reasonable intervals, request us to confirm whether or not we are processing personal data that concerns you and, if we are, you shall have the right to access that personal data and to the following information:

  • what personal data we have, 
  • why we process them,
  • who we disclose them to, 
  • how long we intend on keeping them for (where possible), 
  • whether we transfer them abroad and the safeguards We take to protect them, 
  • what your rights are, 
  • how you can make a complaint, 
  • where we got Your personal data from and 
  • whether we have carried out any automated decision-making (including profiling) as well as related information.

The easiest way to obtain this information is to contact us at info@copperandplush.com or request this information via another channel.   Upon such request, we shall (without adversely affecting the rights and freedoms of others including our own) provide You with such information and/or with a copy of the personal data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.

8.2. The Right to Rectification

Although all reasonable efforts will be made to keep your personal data updated, you are kindly requested to inform us promptly. With respect to your residential address and phone number, you can notify us of the change by amending your profile of any changes to your personal data. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end you have the right to ask us to rectify inaccurate personal data and to complete incomplete personal data concerning you. We may seek to verify the accuracy of the data before rectifying it.

8.3. The Right to Erasure (The Right to be Forgotten)

You have the right to ask us to delete your personal data and we shall comply without undue delay but only where:

  • The personal data are no longer necessary for the purposes for which they were collected; or
  • You have withdrawn our consent (in those instances where we process on the basis of your consent) and we have no other legal ground to process your personal data; or
  • You shall have successfully exercised your right to object (as explained below); or
  • Your personal data shall have been processed unlawfully; or 
  • There exists a legal obligation to which we are subject;

In any case, we shall not be legally bound to comply with your erasure request if the processing of your personal data is necessary for compliance with a legal obligation to which we are subject (including but not limited to Our data retention obligations); or for the establishment, exercise or defence of legal claims.

There are other legal grounds entitling us to refuse erasure requests. You may request the erasure by contacting us. 

8.4 The Right to Data Restriction

You have the right to ask us to restrict (that is, store but not further process) Your personal data but only where:

  • The accuracy of your personal data is contested (see the right to data rectification above), for a period enabling us to verify the accuracy of the personal data; or
  • The processing is unlawful, and you oppose the erasure of your personal data; or
  • We no longer need the personal data for the purposes for which they were collected but you need the personal data for the establishment, exercise or defence of legal claims; or
  • You exercised your right to object and verification of our legitimate grounds to override Your objection is pending.

Following your request for restriction, except for storing your personal data, we may only process your personal data:

  • Where we have your consent; or
  • For the establishment, exercise or defence of legal claims; or
  • For reasons of important public interest.

You may request the restriction by contacting us.

8.5. The Right to Data Portability

You have the right to ask us to provide your personal data in a structured, commonly used, machine-readable format, or (where technically feasible) to have it 'ported' directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:                                                                  

  • The processing is based on Your consent or on the performance of a contract with You; and
  • The processing is carried out by automated means.

To a great extent, you may exercise this right by contacting us.

8.6. The Right to Object to Certain Processing

When Your data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data, which includes profiling to the extent that it is related to such direct marketing. 

For the avoidance of all doubt, when we process your personal data when this is necessary for the performance of a contract, this general right to object shall not subsist. 

With respect to Direct marketing of our own goods and services incl. related profiling, You may object such processing at any time, by contacting us or by selecting your preferences on the “Edit profile” section of your ‘My Account Profile’. 

8.7. Right to withdraw consent (when we process your data on the basis of consent)

In those cases where we process on the basis of your consent, you have the right to withdraw your consent at any time.

8.8 The Right to lodge a Complaint 

You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in Malta is the Office of the Information and Data Protection Commissioner (IDPC). We kindly ask that you attempt to resolve any issues directly with us first (even though, as stated above, you have a right to contact the competent authority at any time).  

8.9 WHAT WE MAY NEED FROM YOU

When exercising your rights by contacting us, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

8.10 TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  1. Contact Info

Please feel free to direct such requests, or other questions and comments regarding this privacy notice or the privacy practices of copperandplush.com:


Copper & Plush

Email: info@copperandplush.com