One Eden SL of Plaza de Bulevar, Edificio B, Local 12,1ª Planta, Oficinas 1A y 1B 29649 La Cala de Mijas, Málaga, España. (“One Eden”) is the Data Controller with respect to the personal data collected from our website visitors and our customers/clients.
We know that you care about your personal data and how it is used, and we want you to know that (One Eden) uses your personal data carefully.
Who is collecting your data?
Any personal data provided to or collected by One Eden is controlled by One Eden of Plaza del Bulevar,Edificio B, Local 12,1ª Planta, Oficinas 1A y 1B. 29649 La Cala de Mijas, Málaga, España.Tel: (+34) 856 58 70 38.
What personal data is being collected?
Personal data means any information that can be used to identify directly or indirectly a specific individual. This definition includes personal data collected offline when you contact us, direct marketing campaigns, competitions and online through our websites, applications and branded pages on any third-party platforms and applications accessed or used through third-party platforms.
You are not required to provide One Eden with the personal data that we may request, but if you choose not to do so, we may not be able to provide you with our products or services, or with a high quality of service or respond to any queries you may have.
We may collect your personal data from a variety of sources. This includes:
• Personal data you give us directly – e.g. contacting us by phone or email, entering a competition, dealing with us;
• Personal data we collect from other sources – i.e. technical data from third party analytics tools like Google Analytics.
We will never sell your data to third parties.
What purpose do we use your data for?
We collect and process your personal data only for specific purposes. For example, to process any payments, to assess and handle any complaints, to develop and improve our products, services, communication methods and the functionality of our websites, communications and targeted marketing.
Additionally, One Eden may process your personal data also using automated means. An automated decision is a decision which is made solely by automatic means, where no humans are involved in the decision-making process related to your personal data.
We collect, process and disclose your personal data for the following purposes:
• To process your payments, if you purchase our products or services, deal with your enquiries and requests, and assess and handle any complaints;
• To process and answer your inquiries or to contact you to answer your questions and/or requests;
• To develop and improve our products, services, communication methods and the functionality of our websites;
• For the purposes of competitions or promotions that you have entered;
• To communicate information to you and to manage your registration and/or subscription to our newsletters or other communications;
• To manage our everyday business needs;
• To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
• For internal training and quality assurance purposes;
• To understand and assess the interests, wants, and changing needs of consumers, to improve our website, our current products and services, and/or developing new products and services; and
• To provide personalised products, communications and targeted advertising as well as product recommendations to you.
Where appropriate, we will ask for your consent to process the personal data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time.
In some cases, we rely on legitimate interest for processing your personal data. A legitimate interest could exist for example, when you sign up for a loyalty scheme with one of our associated companies and we use the personal data collected to conduct data analytics to improve our products or services. This ground will only be used where it is necessary to achieve a legitimate interest, for example to assist in the performance of a contract, or to optimise a service.
We process your personal data to perform a contract to which you are or will be a party. For example, we need to process your personal data to deliver a product or a service you bought, or to allow you to take part in one of our competitions.
We also process your personal data when we have a legal obligation to perform such processing. For example, a court order may require us to process personal data for a particular purpose, or we may be compelled to process personal data to report suspicious transactions under anti-money laundering rules.
Who will it be shared with?
One Eden may share your personal data with our associated companies and with selected third-parties that perform a service integral to our business for example:
• Third-party service providers
• Marketing agencies, website hosts and companies that help us to run our businesses
• Credit reference agencies
• Legal disclosure. We may transfer and disclose your personal data to third-parties:
o To comply with a legal obligation;
o When we believe in good faith that an applicable law requires it;
o At the request of governmental authorities conducting an investigation;
o To verify or enforce our “Terms & Conditions” or other applicable policies;
o To detect and protect against fraud, or any technical or security vulnerabilities;
o To protect the rights, property, safety, or security of third-parties, visitors to One Eden’s websites or One Eden.
How do we protect your personal data?
We take the security of your personal data very seriously. We take every effort to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure.
How long do we keep your personal data for?
We will keep your personal data for as long as we need it for the purpose it is being processed for. For example, where you make a purchase with us or an associated company we will keep the data related to your purchase, so we can perform the specific contract you have entered and after that, we will keep the personal data for a period which enables us to handle or respond to any issues relating to the purchase.
Your data may also be retained so that we can continue to improve your experience with us.
We will review the personal data we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or consumer need for it to be retained.
We may send you marketing messages by email, letter, text or social media messaging apps if you have given us permission to do so.
You can stop receiving these messages at any time by clicking the unsubscribe link at the bottom of our emails or contacting us at firstname.lastname@example.org
What are your rights?
Where we process your personal data, you have a number of rights over how the data is processed and can exercise these rights at any point. You can exercise your rights by sending an email to email@example.com
We have provided an overview of these rights below together with what this entails for you.
• The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights.
• The right to access and rectification. You have the right to access, correct or update your personal data at any time.
• The right to data portability. The personal data you have provided us with is portable. This means it can be moved, copied or transmitted electronically under certain circumstances.
• The right to be forgotten. Under certain circumstances, you have right to request that we delete your data. If you wish to delete the personal data we hold about you, please let us know and we will take reasonable steps to respond to your request in accordance with legal requirements. If the personal data we collect is no longer needed for any purposes and we are not required by law to retain it, we will do what we reasonably can to delete, destroy or permanently de-identify it.
• The right to object. Under certain circumstances, you have the right to object to certain types of processing, including processing for direct marketing (i.e., receiving emails from us notifying you or being contacted with potential opportunities).
• The right to lodge a complaint with the European Data Protection Authority on https://edps.europa.eu/
• The right to withdraw consent. If you have given your consent to anything we do with your personal data (i.e., we rely on consent as a legal basis for processing your personal data), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
• Further information about your rights can be obtained from The European Data Protection Authority https://edps.europa.eu/
If we need to make any significant changes we will post a clear notice on our website or contact you by email and you can review the changes before continuing to use our website.
When we post changes to this policy, we will revise the “Last Updated” date at the top of this Policy.
Additional Privacy Terms or Notices
Biometric Data: Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data.
Browser: A browser is an application program that provides a way to look at and interact with all the information on the World Wide Web.
Privacy Officer: The individual appointed by One Eden to carry out certain responsibilities and functions in respect of privacy and data protection.
Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Cookies: A small text file stored on a user machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session.
Data Controller: An entity that has the authority over the processing of personal data. It controls the use of personal data by determining the purposes for its use and the way personal data will be processed.
Data Processing: Any operation or set of operations which is performed on personal data, such as collecting, recording, organising, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making the data available, aligning or combining data, or blocking, erasing or destroying data. Not limited to automatic means.
Data Subject: The natural person that the personal data refers to.
IP Address: A unique address that identifies a device on the Internet or a local network and which allows a system to be recognized by other systems connected via the Internet protocol.
Personal Data: Any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Part of OneEden Group of Companies