In a nutshell:
Introduction and Definitions
CuraLife’s supplements help people worldwide who are suffering from diabetes, asthma, high blood pressure, cholesterol, and other conditions. We respect our Customers’ privacy, implementing the EU’s General Data Protection Regulation and other applicable regulations.
We also operate several Websites – such as curalife.com – and collect personal data of Website Visitors. Some Visitors and other people who communicate with us become our business Contacts or Customers.
2)How Do We Collect Personal Data?
If you’re a Contact or Customer of ours, there might be several ways in which we receive your personal data:
1) When you share it with us directly, through your communication with us on the Websites’ contact forms and reservation forms, by email, phone, facsimile, on social networks (e.g. Facebook), at events or trade fairs, or via any other communication channel
3) We might augment the personal data we have about you with the information that you provided us directly, information others have provided us about you, and data we’ve collected about you from your use of our Websites (see below).
If you’re a Visitor to our Websites, we might receive some personal data through your device, operating system, and browser, and various hosting, tracking, analytics and advertising technologies used on our Websites, such as cookies (see below), Analytics and Advertising technologies, and other technologies. Our Websites do not currently respond to “Do Not Track” signals sent by your browser or device.
3)What Personal Data Do We Process?
If you’re a Contact or Customer of ours, we may collect and process these types of personal data about you:
We also collect and process these types of non-identifiable personal data about anyone using our Websites:
Usage, logs, analytics, and other device- and technical data collected when you use our Websites, including device information and identification numbers, operating system information, IP address, browser and session information, browsing history and referrals, cookie information, web beacons, Internet Service Provider (ISP), advertising identification numbers, language information, connectivity information, configuration information, metadata of files, and usage information (such as page views, clicks, and usage time).
4)What About Personal Data of Children?
CuraLife is providing products to adult consumers and does not intentionally markets its services to children under 16 years old. We do not knowingly collect or process information about children. To the extent we’d learn that any information was collected on children, we will delete it immediately. Please contact us (contact details below) if you have any concerns with respect to children’s personal data.
5)What About Cookies?
6)What Are The Purposes for Processing Personal Data? How Is Your Personal Data Used?
Our purposes in processing data is to improve our Customer’s well-being by providing our products and services, and to enable the operation of our business.
We may process your personal data for our own business purposes, including:
We may use anonymous, statistical or aggregated information we collect, in a form that does not enable the identification of a specific individual, by posting, disseminating, transmitting or otherwise communicating or making available such information to customers, vendors, partners and any other third party.
7)What Is The Legal Basis For The Processing of Data?
We process personal data based on any or some of the following legal bases:
8)Who Is Your Information Shared With?
We may share your personal information with our staff, subsidiaries, affiliates, contractors, consultants, resellers, distributors, carriers, and other third-party business partners, to the extent needed for the provision of our services and our operations.
We process your personal data on our servers and computers, but also third-party services, such as cloud hosting services, support systems and services, payment gateways, billing systems, SMS gateways, Email and SMS notification and communication services, and backup systems.
We use additional processors around the world for various processing activities needed for the performance of our Websites, our services, our operations, and our business, and share information with such processors on a need basis. Such processors include hosting and backup providers (such as Google, DigitalOcean and AWS), analytics providers (such as Google, Hotjar, Mouseflow, Facebook, Vimeo, and PayPal), website technology (such as WordPress, WordPress plug-ins, WordFence, and Elementor), customer relations management (such as Insight.ly CRM and SalesForce), payment gateways and eCommerce services (such as PayPal, Decta, SafeCharge, Stripe, Partial.ly, and WooCommerce), customer support services (such as Zendesk), feedback and review services, advertising technology (such as Google and Facebook), mail and newsletter services (such as Mailchimp, Autopilot, and SimplyCast), security technology and services, and more. We limit the information we share with each processor based on the business need in using such a processor, to protect your information while still effectively benefiting from the services of such processor.
We may also share non-personally identifiable information and aggregate information for any purpose. Such data is not personal data, and its sharing cannot be used to identify you.
We may need to share your information with law enforcement agencies, courts of law, and other governmental organizations, if ordered to do so by competent bodies and according to applicable law.
Mergers and Acquisitions
If we are involved with a merger, asset sale, financing, liquidation, bankruptcy, or the acquisition of all or part of our business to another company, we may share your information with that company and its advisors before and after the transaction date.
9)How Do We Safeguard Your Personal Data?
We take information security seriously. We implement state of the art security standards to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information. We encrypt our Websites and major data communication transmissions to avoid interception (for example, through SSL encryption and PCI compliance) and securely backup the information on our platforms to avoid data loss. We also implement appropriate organizational measures to protect your information.
We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them.
Unfortunately, although we make significant efforts to keep your data safe, we cannot fully ensure or warrant the security of your personal information.
10)Do We Transfer Personal Data Internationally?
We store data mostly over the cloud, mainly on SiteGround servers in the European Economic Area (EEA) and the USA. SiteGround complies with GDPR in their processing of data on our behalf.
At the same time, our business is international – Our staff may access the data on our platform from our offices in Latvia, Spain, Israel, USA, and India. Resellers, distributors, and carriers around the world would access your data from their respective country. We serve Customers worldwide and we utilize additional processors and service providers in various countries. Therefore, we transfer, store or otherwise process your personal information in other countries. We take appropriate safeguards in the selection of our processing vendors around the world to require that your personal information is well protected. Despite our efforts, it may be the case that a country where your personal information is processed has different, or less protective, data protection and privacy regulation than the country you live in.
11)For How Long Do We Keep Personal Data?
We keep personal information we collect for different periods, depending on the type of information, for example: the required period for keeping billing records according to Latvian law, the span of your subscription services with CuraLife, the frequency of your use of our services, and other factors.
Please be aware, that third parties with whom we’ve shared your information (other than our data processors), based on the legal bases detailed in this policy, may retain your information even after we deleted or anonymized any data related to you on our platforms. Such data retention by third parties is subject to their privacy policies, purposes, legal bases, agreements with you, and any applicable law. We take no responsibility over third parties’ use of personal data outside of CuraLife’s control.
12)What Are Your Rights With Respect to Your Personal Data?
According to the data protection and privacy regulations, or where you live, you may have certain rights with respect to your personal information.
Your rights may include, under certain terms and conditions set in the EU General Data Protection Regulation (GDPR) or other applicable law:
After deletion or anonymization of your personal data following its retention period, the rights to access, erasure, rectification, and data portability cannot be enforced.
Your personal information is processed based on several legal bases, sometimes including your consent. You can withdraw your consent at any time by contacting us. Other legal bases, including statutory or contractual requirements that apply to you might remain intact even following the withdrawal of your consent.
14)Who Can You Contact Regarding Your Personal Data?
You can contact us with any question or concern you have at:
CuraLife Commerce SIA
Company registration number: 40203007893
Address: Silmaču iela 4, Rīga, LV-1012, Latvia
Telephone: +371-29448999Email: firstname.lastname@example.org