This is the privacy notice of Mia & Ben (“we”, “our”, “us”).
We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you interact with us whether via our website www.miabenorganic.com, Mia & Ben social media, or other communication means.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
1. [WHO WE ARE]
2. [HOW IS YOUR PERSONAL DATA COLLECTED?]
3. [THE PERSONAL DATA WE COLLECT]
4. [HOW WE USE YOUR PERSONAL DATA]
5. [DISCLOSURES OF YOUR PERSONAL DATA]
6. [INTERNATIONAL TRANSFERS]
7. [UPDATING OR REQUESTING ACCESS TO YOUR PERSONAL INFORMATION; LEGAL RIGHTS]
9. [DATA SECURITY]
10. [DATA RETENTION]
11. [CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES]
1. Who we are
Mia & Ben is a group of companies, comprising Mia & Ben Organic UG (a limited company registered at the District Court in Berlin with company number HRB180715) and its subsidiary Mia & Ben Organic Limited (a limited company registered in England & Wales with company number 11228626).
Mia & Ben Organic UG owns and operates our website and our social media accounts.
For the purposes of data protection laws Mia & Ben Organic UG is the data controller.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Email address: firstname.lastname@example.org
Postal address: Klosterstrasse 44, 10179 Berlin, Germany
2. How is your personal data collected?
We may collect data from and about you in the following ways:
when you correspond with us or speak to us;
when you use, provide any information about yourself or communicate with us via any Mia & Ben social media accounts, including the following accounts:
when our third-party payment processors provide information about you for fraud prevention purposes;
when you take part in our promotions, competitions or other marketing activities.
3. The personal data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which will principally be comprised of:
identity data: username, name, date of birth and gender (and if you are dealing with us as a representative of a business, the name of that business) and, on occasion and only with your consent, the first name and date of birth of your children (to personalise emails and other communications with you where you are a consumer of our products);
contact data: address, email address, telephone numbers;
financial data: details of bank account, payment card, billing address and order history;
marketing and communications data: your preferences in receiving marketing from us and your communication preferences; and
technical data: internet protocol (IP) address, browser type and version, time zone setting and location, the number of pages viewed before a purchase and purchase session duration, browser plug-in types and versions, operating system and platform, and other information about the technology you use to access our website.
4. How we use your personal data
We will use your personal information only where we have a lawful basis for doing so. The lawful basis for processing your personal data will depend on the purpose for which it was obtained. The table below sets out the purposes for which we may process your personal information and the relevant lawful basis/bases that allow for that processing:
“Legitimate interests” means our legitimate interests in conducting and managing our business where these interests are not overridden by your fundamental rights, interests and freedoms.
5. Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out below:
Companies within the Mia & Ben group from time to time.
Third parties as follows:
IT service providers who supply us with services such as IT systems & maintenance, email hosting services, data hosting services, marketing services, location-finding services and website analytics;
Payment processors who manage online payments for us and assist with fraud prevention;
Carriers who deliver our products to you;
Our professional advisers including accountants, bankers, and lawyers;
Government agencies who require information about our processing activities from us; and
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
We require all third parties processing personal data for us to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In particular, we integrate Google Analytics Advertising Features and Facebook Pixel services with our website. When you visit our website, your web browser will automatically send certain information to Google including the URL of the page that you’re visiting and your IP address. Google may also set cookies on your browser or read cookies that are already there. Your use of our website will involve the collection, sharing, and use of personal data for personalization of ads by Google. Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to our site and/or other sites on the Internet. You may opt out of Google’s personalised advertising by visiting www.google.com/settings/ads. Further information about Google’s use of your data can be found at www.google.com/policies/privacy/partners/.
The Facebook Pixel allows Facebook to receive information when you visit our site or other sites or apps provided by other companies that use Facebook technologies. This will include information about your device, websites you visit, purchases you make, the ads you see and how you use our services – whether or not you have a Facebook account or are logged in to Facebook. Further information about Facebook’s use of your data can be found at www.facebook.com/policies/cookies/.
6. International transfers
Some of our service providers are based (or have part of their systems based) outside of the EEA, and in providing services to you, we may need to transfer your personal information to them in countries that do not afford the same level of data protection as EU member states. Where your data is processed outside of the EU, we will ensure your personal information is protected by putting in place appropriate safeguards such as EU Commission Standard Contractual Clauses. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. Updating or requesting access to your personal information
To contact us, please email email@example.com
If your personal data changes or if you no longer wish to receive our service, please let us know and we will correct, update or remove your details. Under data protection law, individuals have the right to request access to information about them that we hold; again please let us know if you want to make a request
Your other data protection rights
By law you have certain other rights. These are to:
be informed of how we are processing your personal information, which this is the key purpose of this Privacy Notice;
request correction of your personal data corrected if it is inaccurate or incomplete;
have your personal data erased in certain circumstances such as where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time of your request;
restrict the use of the processing of your personal data in certain circumstances e.g. where you have told us information is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your information but will not process it further until we have checked and confirmed whether the information is inaccurate;
object to the processing of your information in certain circumstances – e.g. you may object to processing of your information for direct marketing purposes;
data portability: where you have provided us with personal information and we use this information either on the basis of your consent or to perform a contract with you, you have the right to receive your personal information from us in a commonly used and machine readable format, and the right to require us to transmit your personal information to someone else if it is technically feasible;
object to decisions being taken by automated means; and
to withdraw your consent at any time to processing where we are relying on consent as the lawful basis – e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you – We will let you know if this is the case at the time you withdraw your consent.
You also have the right to make a complaint at any time to your local data protection authority (a list and contact details of which is available here. We would, however, appreciate the chance to deal with your concerns so please contact us in the first instance.
We will send you marketing communications if you have signed up for them and where you have not opted out of receiving that marketing. You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.
9. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Data retention
We will retain any personal data that you provide in accordance with applicable laws and our Data Retention Policy. Subject to applicable law, we will only retain your personal data on our systems for as long as is necessary for the relevant purpose for which it was collected. We will delete or destroy it when it is no longer required.
11. Changes to this privacy notice and your duty to inform us of changes
We keep our privacy notice under regular review. This version was last updated in August 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.