GDPR
GDPR
For the purpose of Data Protection Legislation, where personal data is provided directly to Perfect Body & Heart Cafe Ltd through use of the Website, email, or other means Perfect Body & Heart Café Ltd will be a data controller (as defined in the Data Protection Legislation) of such information. Where Perfect Body & Heart Café Ltd is provided with information only for the purpose of performing a contract or where Perfect Body & Heart Cafe Ltd cannot determine the use of such information, Perfect Body & Heart Cafe Ltd will be data processor (as defined in the Data Protection Legislation) of such information.
Perfect Body & Heart Café Ltd may collect, use, store and transfer different kinds of personal data about you Perfect Body & Heart Café Ltd which have grouped together as follows:
• Identity Data including names, username or similar identifier, title, job title, directorships.
• Contact Data including billing address, delivery address, email address and telephone numbers.
• Financial Data including bank account and payment card details.
• Transaction Data including details about payments to and from you and other details of products and services you have purchased from Perfect Body & Heart Café Ltd.
• Usage Data including information about how you use Perfect Body & Heart Café Ltd’s Services or submit an enquiry or query through the Websites.
• Marketing and Communications including your preferences in receiving marketing or surveys from us and our third parties and your communication preferences.
• Additional Information including additional information you chose to provide to us.
•Your personal data, Cookies may be used for personalization of ads and cookies may be used for personalised and non-personalised advertising.
We collect the following data during account creation, or the placing of an order through our website :
Personal Data
Name
Email Address
Billing Address
Delivery Address
IP Address
Telephone Number
Products ordered
Other collection of visitor data and information
The website of Perfect Body & Heart Cafe Ltd heart-cafe.co.uk some basic data when a visitor accesses the website:
This general data and information is not personal and is limited to Google Analytics traffic data collection.
The data collected includes:
(1) the browser types and versions used
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrers)
(4) the sub-websites,
(5) the date and time of access to the Internet site
(6) an Internet protocol address (IP address)
This data is used to
(1) deliver the content of our website correctly
(2) optimize the content of our website as well as its advertisement
(3) ensure the long-term viability of our information technology systems and website technology
(4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
Therefore, Perfect Body & Heart Cafe Ltd can analyse anonymously the collected data and information, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process.
The anonymous data mentioned above is stored separately from all personal data providedduring account creation or the placing of an order. None of this data is personal or linked to your account or orders. We do not share this data with any third party.
Unless you provide such information to us to customise the service we may provide to you, Perfect Body & Heart Café Ltd does not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor does Perfect Body & Heart Café Ltd collect any information about criminal convictions and offences.
Subscription to our newsletters
We offer our visitors the option of signing up to our newsletter. This is entirely the choice of the customer and we use an “Opt in” newsletter signup.
When you sign up to receive our newsletter, your details entered will be stored by our newsletter service provider “Sendpulse”. Your data is protected on their servers and are not shared with any third parties.
You are able, at any time, to unsubscribe from our newsletter. Each email includes and unsubscribe link. And you can alternatively you can request to be unsubscribed from our newsletter by contacting our helpdesk.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter
3. If you fail to provide personal data
Where you fail to provide personal data when requested, Perfect Body & Heart Café Ltd may not be able to perform the contract it has or is trying to enter into. In this case, Perfect Body & Heart Café Ltd may have to cancel the Services but we will notify you if this is the case at the time.
4. How is your personal data collected?
Perfect Body & Heart Café Ltd use different methods to collect personal data from and about you including through:
• Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you:
o apply for the Services;
o give us some feedback or complete a survey;
o request marketing to be sent to you; or
o create an account on our Websites.
5. Purposes for which Perfect Body & Heart Café Ltd will use your personal data
Set out below is a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact or perfectbodyltd@gmail.com or perfectbody@heartcafe.life
6. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7. Your rights regarding your personal information
a) Right of confirmation
You have the right granted by the European legislator to obtain from the controller the confirmation of the personal data held by us. As provided above.
b) Right of access
You have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, you have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation.
Where this is the case, you have the right to be informed of the appropriate safeguards relating to the transfer.
c) Right to rectification
You have the right granted by the European legislator to obtain from the us without undue delay the rectification of inaccurate personal. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
d) Right to erasure (Right to be forgotten)
You have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
The personal data have been unlawfully processed.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If one of the aforementioned reasons applies, and you wish to request the erasure of personal data stored by us, you may at any time contact us.
The Data Protection Officer of …………………….or another employee shall promptly ensure that the erasure request is complied with immediately.
e) Right of restriction of processing
You have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and you want to request the restriction of the processing of personal data stored by us, you may at any time contact us and we will arrange the restriction of the processing.
f) Right to data portability
You have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact us.
g) Right to object
You have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.
Perfect Body & Heart Cafe Ltd shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If Perfect Body & Heart Cafe Ltd processes personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing.
In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning him or her by SCH Enterprises Limited for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may directly contact us.
Cookie Policy Sections
What are cookies and how do we use them?
How long do cookies last?
What types of cookies are used on this site?
What about third party cookies?
How to control and delete cookies
Changes to our use of cookies
Contact information
What are cookies and how do we use them?
Like most websites you visit, our website (“site”) uses cookies and other similar technologies to distinguish you from other users of our site and to store and manage user preferences, deliver targeted advertising, enable content, and gather analytic and user data, for example. This helps us to provide you with a good experience when you browse our site and also allows us to improve our site.
Cookies
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website or embedded in a web page. Cookies may then be sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device and to remember your actions and preferences (such as login details, language, font size and other display preferences) over a period of time.
Your personal data, Cookies may be used for personalization of ads and cookies may be used for personalised and non-personalised advertising. Where possible, security measures are set in place to prevent unauthorised access to our cookies and similar technologies. A unique identifier ensures that only we and/or our authorised service providers have access to cookie data.
We rely on your consent to use certain types of cookies (except “strictly necessary cookies”, as described below). You can refuse cookies at any time by changing your settings while entering a website, referring to the Consent Portal or changing the cookie settings in your browser.
You can find more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, at https://www.aboutcookies.org/ and http://www.youronlinechoices.eu./.
Web beacons
Web beacons (also known as internet tags, pixel tags and clear GIFs) are typically transparent graphic images placed on a site or email. Web beacons are used in combination with cookies to measure the actions of visitors on websites. We may use beacons to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, and the type of browser used to view the page.
IP addresses and URLs
An IP address is a unique identifier that certain electronic devices use to identify and communicate with each other on the internet. When you visit our sites, we may view that IP address of the device that you use to connect to the internet using a web beacon. We use this information to determine the general physical location of the device and understand from what geographic regions our site visitors come. We may use this information to change the way we present our sites to you to enhance your visit.
A URL (uniform resource locator) is a unique identifier or address for each resource on the internet, in effect it is the address for the web page that you are visiting. We will use this information to see which sites and pages are visited and the way that you navigate through our site.
How long do cookies last?
We use cookies and similar technologies that only remain on your device for as long as you keep your browser active (session) and cookies and similar technologies that remain on your device for a longer period (persistent). You are free to block, delete, or disable these technologies if your device allows this. You can manage your cookies and your cookie preferences in your browser or device settings.
What types of cookies are used on this site?
We use different types of cookies on our sites. Although they mainly work in the same way there are some differences:
Strictly necessary cookies - These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services. May be session or persistent cookies.
Analytical/performance cookies - They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. These cookies may be provided by our third party analytic provider but are only used for purposes related to our sites. May be session or persistent cookies.
Functionality cookies - These are used to recognise you and choices you make when you return to our website. This enables us to enhance and personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). In addition, cookies may allow some website embedded functionalities (for example, displaying YouTube videos) to work properly. May be session or persistent cookies.
Social Media/Sharing cookies - Our website may include some social media features, such as the Facebook “Like” button, the Twitter “Tweet” button, the LinkedIn “Share” button and so on. These features may collect your IP address, which page you are visiting on our website, and may set a cookie or employ similar technologies to enable the feature to function properly. Social media features are either hosted by a third party or directly on our website. We have no control over how the social networks may collect and use your personal information and their use is subject to the social network’s own privacy policy. May be session or persistent cookies.
Targeting/Re-targeting cookies - These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our websites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose. May be session or persistent cookies.
You can find more information about the individual cookies we use and the purposes for which we use them in the Consent Portal.
What about third party cookies?
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
List of Cookies:
First party cookies:
Advertising cookies:
First party cookie: heart-cafe.co.uk
Third party cookies:
Functional Cookies:
First party cookie: heart-cafe.co.uk
Third party cookie: connect.facebook.net
Essential Cookie:
First party cookie: heart-cafe.co.uk
Third party cookie: google.com
How to control and delete cookies
When you first use our website, you will see a “pop up” cookies notice.
By using this website after accepting the cookies notice, or by browsing our website after you have been presented with this notice, you agree to us placing cookies on your device in accordance with the terms of this Cookies Policy.
The majority of web browsers accept cookies, but you can usually change the web browser’s settings to refuse new cookies, disable existing ones or simply let you know when new ones are sent to your device. If you do not consent to our use of any of the cookies listed above, please disable them following the below instructions so that cookies from this website cannot be placed on your device.
In order to do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” facility). Alternatively, you can visit https://www.attacat.co.uk/resources/cookies/how-to-ban for more information on how to manage cookies. However, please be aware that, if you refuse or disable cookies, some of the website’s functionality may be lost.
In addition, disabling a cookie or category of cookie does not delete the cookie from your device; you will need to do this yourself from within your browser.
Changes to our use of cookies
Any changes to our use of cookies for this website will be posted here or on the Consent Portal and, if necessary, signposted from our web pages highlighting any changes.
Contact Information
If you have any queries in relation to this notice or our use of cookies, please contact us at:
PrivacyOffice@rb.com
You may also write to us at:
RB Global Privacy Office
Turner House
103-105 Bath Road
Slough
SL1 3UH
if you need details about the specific legal basis we are relying on to process your personal data.
Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer or member and verify your
identity when using log-ins (a) Identity
(b) Contact Performance of a contract
To process and deliver the Services including:
(a) Managing payments and charges
(b) Collecting and recovering money owed to us
(c) Contacting you and corresponding about the Services
(d) to provide support to the services (a) Identity
(b) Contact
(c) Financial
(d) Transaction Performance of a contract Necessary for
our legitimate interests (to recover debts due to us)
To respond to queries and enquiries (a) Identity
(b) Contact Legitimate interests (to offer similar services or offers)
To undertake any marketing to you (a) Identity
(b) Contact Legitimate interests (to offer similar services or offers)
Business Performance – To manage our business performance
and assess client satisfaction and improvement to our Services (a) Identity Data
(b) Individual Data Legitimate interests (to improve the services we provide)
Events – To enable us to provide events to you which take
into consideration your preferences (a) Identity Data
(b) Individual Data
(c) Event Data Legitimate interests (to tailor events)
Consent
6. Change of purpose
Perfect Body & Heart Café Ltd will only use your personal data for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact perfectbody@heartcafe.life.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. How your personal data may be shared
Personal data that Perfect Body & Heart Café Ltd collects in accordance with this Privacy Policy, may be shared as follows:
• with third party consultants selected by Perfect Body & Heart Café Ltd, such as survey providers, product checkers and logistic companies;
Third Party Services
- Google https://policies.google.com/technologies/partner-sites
- Google Analytics
- Google Merchant Centre https://policies.google.com/privacy?hl=en
- Google Ads https://policies.google.com/privacy?hl=en
- Organics Marketplace https://organics.com/policies/privacy-policy
- Ebay https://www.ebay.co.uk/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260
- Shopify https://www.shopify.com/legal/privacy
- PayPal (Europe) S.à.r.l. et Cie., Luxembourg, Data protection declaration: paypal.com/de/webapps/mpp/ua/privacy-full
- American Express Services Europe Ltd., United Kingdom, Data protection declaration:americanexpress.com/uk/legal/european-implementing-principles.html
- Google Pay https://policies.google.com/privacy?hl=en
- Royal Mail https://www.royalmail.com/privacy-notice
- UPS https://www.ups.com/gb/en/support/shipping-support/legal-terms-conditions/privacy-notice.page
- Mailchimp https://mailchimp.com/gdpr/
- Facebook www.facebook.com/policy.php
- Instagram https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
- Twitter http://twitter.com/privacy/
- Yahoo https://legal.yahoo.com/ie/en/yahoo/privacy/index.html
- Bing https://privacy.microsoft.com/en-gb/privacystatement
- IP Address
• with other international Perfect Body & Heart Café Ltd member organisations;
• where information is shared through public platforms in accordance with the provision of the services such as Coupon Issuer services;
• with marketplaces such as Amazon;
• where is Perfect Body & Heart Café Ltd under a duty to disclose your personal data to comply with any legal obligation, or to enforce or apply Perfect Body & Heart Café Ltd terms and conditions and other agreements;
• with third party debt recovery agencies;
• to protect the rights, property, or safety of Perfect Body & Heart Café Ltd and its customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and for compliance with laws; and
• with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
8. How Perfect Body & Heart Café Ltd stores personal data
For secure storage, Perfect Body & Heart Café Ltd ensures that it stores your personal data within the UK.
Perfect Body & Heart Café Ltd may share your personal data with some third parties who are based outside the EEA. In this case, Perfect Body & Heart Café Ltd will ensure that the appropriate security measures and processing provisions are in place to protect your personal data. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
9. Personal Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. These retention periods depend on the nature of the information, and are subject to change. If you have any questions in this regard, please contact us using the details below.
10. Your Rights
Under certain circumstances, you have rights under Data Protection Legislation in relation to your personal data. These include the right to:
• request access to your personal data;
• request correction of your personal data;
• request erasure of your personal data;
• object to processing of your personal data;
• request restriction of processing your personal data;
• request transfer of your personal data; and
• right to withdraw consent.
To exercise any of the above rights please email your request to: perfectbody@heartcafe.life.
Where you exercise your right to erasure or where information is deleted in accordance with Perfect Body & Heart Café Ltd’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period Perfect Body & Heart Café Ltd retains the data.
11. Children
The Website is not intended for children. Perfect Body & Heart Café Ltd will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.
12. Complaints
If you would like to make a complaint in relation to how Perfect Body & Heart Café Ltd may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Perfect Body & Heart Café Ltd would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to this Privacy policy and your duty to inform us of changes
As and when necessary, changes to this privacy policy we will posted here. Where changes are significant, we may also email all our registered users with the new details, and where required by law, will we obtain your consent to these changes.
This Privacy Policy was last updated on 04 June 2023.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
13.
Privacy policy
Privacy Statement
https://heart-cafe.co.uk/pages/privacy-policy or see below
SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
Your personal data, Cookies may be used for personalization of ads and cookies may be used for personalised and non-personalised advertising.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
We collect the following data during account creation, or the placing of an order through our website :
Personal Data
Name
Email Address
Billing Address
Delivery Address
IP Address
Telephone Number
Products ordered
Other collection of visitor data and information
The website of Perfect Body & Heart Cafe Ltd heart-cafe.co.uk some basic data when a visitor accesses the website:
This general data and information is not personal and is limited to Google Analytics traffic data collection.
The data collected includes:
(1) the browser types and versions used
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrers)
(4) the sub-websites,
(5) the date and time of access to the Internet site
(6) an Internet protocol address (IP address)
This data is used to
(1) deliver the content of our website correctly
(2) optimize the content of our website as well as its advertisement
(3) ensure the long-term viability of our information technology systems and website technology
(4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
Therefore, Perfect Body & Heart Cafe Ltd can analyse anonymously the collected data and information, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process.
The anonymous data mentioned above is stored separately from all personal data providedduring account creation or the placing of an order. None of this data is personal or linked to your account or orders. We do not share this data with any third party.
Unless you provide such information to us to customise the service we may provide to you, Perfect Body & Heart Café Ltd does not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor does Perfect Body & Heart Café Ltd collect any information about criminal convictions and offences.
SECTION 2 - CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at sales@heart-cafe.co.uk
SECTION 3 - DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
SECTION 4 - SHOPIFY
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Payment:
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
SECTION 5 - THIRD-PARTY SERVICES
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
Third Party Services
- Google https://policies.google.com/technologies/partner-sites
- GoogleAnalytics https://marketingplatform.google.com/about/analytics/ and browser add-on
- Google Merchant Centre https://policies.google.com/privacy?hl=en
- Google Ads https://policies.google.com/privacy?hl=en
- Organics Marketplace https://organics.com/policies/privacy-policy
- Ebay https://www.ebay.co.uk/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260
- Shopify https://www.shopify.com/legal/privacy
- PayPal (Europe) S.à.r.l. et Cie., Luxembourg, Data protection declaration: paypal.com/de/webapps/mpp/ua/privacy-full
- American Express Services Europe Ltd., United Kingdom, Data protection declaration:americanexpress.com/uk/legal/european-implementing-principles.html
- Google Pay https://policies.google.com/privacy?hl=en
- Royal Mail https://www.royalmail.com/privacy-notice
- UPS https://www.ups.com/gb/en/support/shipping-support/legal-terms-conditions/privacy-notice.page
- Mailchimp https://mailchimp.com/gdpr/
- Facebook www.facebook.com/policy.php
- Instagram https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
- Twitter http://twitter.com/privacy/
- Yahoo https://legal.yahoo.com/ie/en/yahoo/privacy/index.html
- Bing https://privacy.microsoft.com/en-gb/privacystatement
- IP Address
Links
We do not use links.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
SECTION 6 - SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
SECTION 7 - COOKIES
Cookie policy: https://heart-cafe.co.uk/pages/cookie-policy
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
List of Cookies:
First party cookies:
Advertising cookies:
First party cookie: heart-cafe.co.uk
Third party cookies:
Functional Cookies:
First party cookie: heart-cafe.co.uk
Third party cookie: connect.facebook.net
Essential Cookie:
First party cookie: heart-cafe.co.uk
Third party cookie: google.com
How to control and delete cookies
SECTION 8 - AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
SECTION 9 - CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at sales@heart-cafe.co.uk
14. Questions and Contact information
For any questions or for further information, please contact: perfectbody@heartcafe.life.