Last update: 15-03-2021
Data Controller Name: Maria Dimech under the brand name of Copper & Plush.
Methods of information collection: when you provide it to us through our website such as signing up and subscribing to newsletters, use of our website through cookies, occasionally through third parties.
Information use: in compliance with legal obligations, to improve our website and products, to prevent fraud.
Information sent to third parties: when required by law, to our platform providers, to payment processors to fulfil their respective service contract.
Information Retention: for a minimum of five years from last customer transaction or account closure as per relevant regulations.
Information sold to third parties: no.
Transfer to countries outside the European Economic Area (EEA): only in specific circumstances we transfer limited personal data outside of the European Economic Area. Copper & Plush will ensure appropriate safeguards and contractual measures are in place.
Information collected on you: name, email, phone, address, order history, other data that you have provided while contacting us, especially using the contact, or signup forms on our website, data that you have sent to us through an online chat, phone call and email. For marketing purposes and to improve our websites and services, we also collect data sent by your web browser, e.g., information about your browser, your IP address, and your operating system.
Your rights: you may request for information on what personal data we store in relation to you, you may have the data rectified, you may object to the processing of your personal data for direct marketing purposes, and withdraw consent, and you may lodge a complaint and request for an export or transfer of your data in a machine-readable format.
As a data controller, Copper & Plush will process personal data from the customer for the purposes of allowing him/her access to use its services.
The purpose of this notice is to inform you about our policies for the collection, use and disclosure of personal information. Your information will not be shared with anyone except for the named parties in this privacy notice.
We reserve the right to update this privacy notice at any time without prior notice. Copper & Plush shall at all times process data in accordance to the privacy notice that you have read at the time of your registration. Upon a change in policy, we will alert you with a website banner notice; your continued use of the website and/or its services will constitute your acknowledgement to the updated notice. Use the “Last updated” date in this notice to determine when it was last changed.
Copper & Plush collects and processes your personal data from your first visit on our website using cookies in order to:
None of the above processing includes automated decision taking.
When you visit the Copper & Plush website, our system automatically collects information about your visit, such as your browser, IP address, and the referring website.
This collection may be done in conjunction with our platform providers and partners (see data recipients list below). We may receive from them general demographic or usage data of our site visitors. We do not use automatically collected information to identify you personally without collecting additional consent.
This information is collected using cookies, embedded hyperlinks, and similar tools. The latest browsers can be set to disable or delete cookies. The list below contains the types of cookies we use and their purposes.
There are two types of cookie that may be used during your visit to our site:
Session cookies are deleted after each visit to our site. For example, when you are browsing our site, it will remember you for the duration of your visit, but the cookie will be removed from your computer as soon as you close down your internet browser. Session cookies allow you to add an item to the basket and then move through the checkout. Disallowing these cookies via your web browser will mean you are unable to place an order on this site.
Persistent cookies remember you for a set period of time, allowing wishlist and/or previously viewed products to be displayed the next time you visit our site and whether you were logged into your account.
Opt-out: You can configure your browser to disable the Session and Persistent Cookies. This may reduce site functionality.
Google Analytics (Functional Cookies)
Opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here.
Personal data means any information relating to an identified or identifiable natural person. Copper & Plush collects, processes, or uses the following personal data:
For marketing purposes and to improve our websites and services, we also collect data sent by your web browser, e.g., information about your browser, your IP address, and your operating system.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria we use to determine what is ‘necessary’ depends on the nature of the particular personal data in question. Our normal practice is to determine whether there is/are any specific EU and/or national law(s) (for example tax or corporate laws) permitting or even obliging us to keep certain personal data for a certain period of time (in which case we will keep the personal data for the maximum period indicated by any such law) and if not, whether there are any laws and/or contractual provisions that may be invoked against us by you and/or third parties and if so, what the prescriptive periods for such actions are.
In the latter case, we will keep any relevant personal data that we may need to defend ourselves against any claim(s), challenge(s) or other such action(s) by you and/or third parties.
Where your personal data is no longer required by us, we will either securely delete or anonymise the personal data in question.
Copper & Plush does not sell or rent personal information to third parties. We do not share your personal information, except as provided in this privacy notice. These employees of copperandplush.com who have access to or are associated with the processing of the customer’s personal information, have signed confidentiality agreements to respect the confidential nature of the customer’s information pursuant to applicable data protection and privacy laws.
5.1 Third parties
We may disclose your personal information if required by law, regulation, or other legal subpoena or warrant. We may also disclose your personal information to a regulatory or law enforcement agency if we believe it to be necessary to protect the legitimate interests of Copper & Plush, its customers or any third party.
Personal data will only be disclosed to third parties in the following cases:
We use third-party data processors to process limited personal data on our behalf. Such service providers support Copper & Plush, especially relating to hosting and operating the websites, marketing, analytics, improving the websites, and sending email newsletters. These processors are located outside the European Economic Area. Copper & Plush shall ensure that the transfer of the Personal Data to the recipient is compliant with Applicable Data Protection Legislation and that the same obligations are imposed on the processor as is imposed on Copper & Plush under the respective Services Agreement.
Our content may link to third party websites to provide relevant references. We are not responsible for such external content, which may contain separate privacy policies and data processing disclosures.
5.2. Authorised disclosure: If You are suspected to have breached our Terms and Conditions or any applicable laws (for example when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or surpassing fraud Copper & Plush has a right to forward Your Personal Data to the government authorities; share any of Your Personal Data to the relevant regulator; share Your Personal Data with relevant law enforcement and/or crime investigation bodies and assist the same with any type of investigation into your actions; respond to any Court subpoena or order or similar official request for Personal Data.
5.4. International transfer
Some of your suppliers and partners are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
An email address collected for purposes of communication or promotion, will be used to contact you and also to send you promotional emails where you have provided your consent to do so. You may revoke your consent to receive emails for promotional purposes any time, by clicking on an unsubscribe link or updating your account preferences on our website. The same applies to third-party marketing communications.
Further, with your consent, we may make use of email tracking technology to obtain data on if you open an email or if you click on links in an email. This data will be used only to help improve future marketing messaging including prioritizing follow-ups based on perceived communications relevance. Without your consent, we will not make use of personal data unique to you, such as your IP address, your device and browser information, or the time and number of times you open an email or click on a link.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In order to comply with GDPR, various technical controls ensure data and information are always encrypted during transit and at rest using industry standard encryption techniques across the board. This ensures availability, confidentiality and integrity at all times. At an organisation level, the handling of all information is governed by our comprehensive Information Security Policies. This is complemented by an information Security awareness programme designed to specifically ensure we embrace security best practices whenever it comes to handling information.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a ‘need to know’ business requirement. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8.1 Your Right of Access
You may, at any time, with reasonable intervals, request us to confirm whether or not we are processing personal data that concerns you and, if we are, you shall have the right to access that personal data and to the following information:
The easiest way to obtain this information is to contact us at firstname.lastname@example.org or request this information via another channel. Upon such request, we shall (without adversely affecting the rights and freedoms of others including our own) provide You with such information and/or with a copy of the personal data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.
8.2. The Right to Rectification
Although all reasonable efforts will be made to keep your personal data updated, you are kindly requested to inform us promptly. With respect to your residential address and phone number, you can notify us of the change by amending your profile of any changes to your personal data. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end you have the right to ask us to rectify inaccurate personal data and to complete incomplete personal data concerning you. We may seek to verify the accuracy of the data before rectifying it.
8.3. The Right to Erasure (The Right to be Forgotten)
You have the right to ask us to delete your personal data and we shall comply without undue delay but only where:
In any case, we shall not be legally bound to comply with your erasure request if the processing of your personal data is necessary for compliance with a legal obligation to which we are subject (including but not limited to Our data retention obligations); or for the establishment, exercise or defence of legal claims.
There are other legal grounds entitling us to refuse erasure requests. You may request the erasure by contacting us.
8.4 The Right to Data Restriction
You have the right to ask us to restrict (that is, store but not further process) Your personal data but only where:
Following your request for restriction, except for storing your personal data, we may only process your personal data:
You may request the restriction by contacting us.
8.5. The Right to Data Portability
You have the right to ask us to provide your personal data in a structured, commonly used, machine-readable format, or (where technically feasible) to have it 'ported' directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:
To a great extent, you may exercise this right by contacting us.
8.6. The Right to Object to Certain Processing
When Your data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data, which includes profiling to the extent that it is related to such direct marketing.
For the avoidance of all doubt, when we process your personal data when this is necessary for the performance of a contract, this general right to object shall not subsist.
With respect to Direct marketing of our own goods and services incl. related profiling, You may object such processing at any time, by contacting us or by selecting your preferences on the “Edit profile” section of your ‘My Account Profile’.
8.7. Right to withdraw consent (when we process your data on the basis of consent)
In those cases where we process on the basis of your consent, you have the right to withdraw your consent at any time.
8.8 The Right to lodge a Complaint
You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in Malta is the Office of the Information and Data Protection Commissioner (IDPC). We kindly ask that you attempt to resolve any issues directly with us first (even though, as stated above, you have a right to contact the competent authority at any time).
8.9 WHAT WE MAY NEED FROM YOU
When exercising your rights by contacting us, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8.10 TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Please feel free to direct such requests, or other questions and comments regarding this privacy notice or the privacy practices of copperandplush.com:
Copper & Plush