1. Introduction

KAIA MAR Ltd needs to collect and use certain types of information about the Individuals or Service Users who come into contact with Kaia Mar Ltd in order to carry on our work. This personal information must be collected and dealt with appropriately whether is collected on paper, stored in a computer database, or recorded on other material and there are safeguards to ensure this under the Data Protection Act 1998.

 

2. Data Controller:

KAIA MAR Ltd is the Data Controller under the Act, which means that it determines what purposes personal information held, will be used for. It is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.

 

3. Disclosure and KAIA MAR LONDON

May want to share data with other agencies such as the local authority, funding bodies and other voluntary agencies. The Individual/Service User will be made aware in most circumstances how and with whom their information will be shared. There are circumstances where the law allows (insert name of org)to disclose data (including sensitive data) without the data subject’s consent. These are: a) Carrying out a legal duty or as authorised by the Secretary of State b) Protecting vital interests of a Individual/Service User or other person c) The Individual/Service User has already made the information public d) Conducting any legal proceedings, obtaining legal advice or defending any legal rights e) Monitoring for equal opportunities purposes – i.e. race, disability or religion f) Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures. (insert name of org)regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal. 

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

[INCLUDE ALL THAT APPLY TO YOUR BUSINESS]

• Your consent; 
• The performance of the contract between you and the Site;
• Compliance with our legal obligations;
• To protect your vital interests;
• To perform a task carried out in the public interest;
• For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
• Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

Your rights

EU General Data Protection Regulation (GDPR)

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below [OR INSERT ALTERNATIVE INSTRUCTIONS FOR SENDING ACCESS, ERASURE, CORRECTION, AND PORTABILITY REQUESTS].

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.