This is the privacy notice of Mia & Ben (“we”, “our”, “us”).
We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you interact with us whether via our website www.miabenorganic.com, Mia & Ben social media, or other communication means.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
1. [WHO WE ARE]
2. [HOW IS YOUR PERSONAL DATA COLLECTED?]
3. [THE PERSONAL DATA WE COLLECT]
4. [HOW WE USE YOUR PERSONAL DATA]
5. [DISCLOSURES OF YOUR PERSONAL DATA]
6. [INTERNATIONAL TRANSFERS]
7. [UPDATING OR REQUESTING ACCESS TO YOUR PERSONAL INFORMATION; LEGAL RIGHTS]
9. [DATA SECURITY]
10. [DATA RETENTION]
11. [CHANGES TO THIS PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES]
- Who we are
Mia & Ben is a group of companies, comprising Mia & Ben Organic UG (a limited company registered at the District Court in Berlin with company number HRB180715) and its subsidiary Mia & Ben Organic Limited (a limited company registered in England & Wales with company number 11228626).
Mia & Ben Organic UG owns and operates our website and our social media accounts.
For the purposes of data protection laws Mia & Ben Organic UG is the data controller.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Email address: firstname.lastname@example.org
Postal address: Klosterstrasse 44, 10179 Berlin, Germany
2. How is your personal data collected?
We may collect data from and about you in the following ways:
- when you correspond with us or speak to us;
- when you use, provide any information about yourself or communicate with us via any Mia & Ben social media accounts, including the following accounts:
- when you take part in our promotions, competitions or other marketing activities.
3. The personal data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which will principally be comprised of:
identity data: username, name, date of birth and gender (and if you are dealing with us as a representative of a business, the name of that business) and, on occasion and only with your consent, the first name and date of birth of your children (to personalise emails and other communications with you where you are a consumer of our products);
contact data: address, email address, telephone numbers;
marketing and communications data: your preferences in receiving marketing from us and your communication preferences; and
technical data: internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
4. How we use your personal data
We will use your personal information only where we have a lawful basis for doing so. The lawful basis for processing your personal data will depend on the purpose for which it was obtained. The table below sets out the purposes for which we may process your personal information and the relevant lawful basis/bases that allow for that processing:
|Purpose of processing||Type(s) of data||Lawful basis for processing|
|Managing our relationship with you (where you are an end customer of our products and correspond with us in relation to your purchases of our products)||Identity dataContact data||Necessary to comply with a legal obligationFor our legitimate interests in managing and maintaining end-customer relations.|
|Managing our relationship with you (where you are a business supplying us with goods or services, or purchasing goods from us, and for those purposes)||Identity dataContact data||Necessary to comply with a legal obligationTo perform a contract with youFor our legitimate interests in receiving or supplying goods and services.|
|Managing our relationship with you (where you interact with us outside of a business to business context, and are a user of our website, Mia & Ben social media, subscriber to our newsletter, participant in a Mia & Ben promotion, competition or other marketing activity or otherwise correspond with us) for marketing and information provision purposes||Identity dataContact dataMarketing and communications data||Necessary to comply with a legal obligationFor our legitimate interests in marketing our businessConsent|
|Administration purposes and the protection of our business and the website – e.g. accounting, invoicing, reporting, marketing administration, IT system maintenance and security – and to protect our business interests including exercising our legal rights.||Identity dataContact dataTechnical dataMarketing and communications data||Necessary to comply with a legal obligationTo perform a contract with youFor our legitimate interests in running our business to receive or provide goods and services.|
“Legitimate interests” means our legitimate interests in conducting and managing our business where these interests are not overridden by your fundamental rights, interests and freedoms.
5. Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out below:
- Companies within the Mia & Ben group from time to time.
- Third parties as follows:
- Service providers who supply us with services such as IT systems & maintenance, email hosting services, data hosting services, marketing services, and website analytics;
- Our professional advisers including accountants, bankers, and lawyers;
- Government agencies who require information about our processing activities from us; and
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. International transfers
Some of our service providers are based (or have part of their systems based) outside of the EEA, and in providing services to you, we may need to transfer your personal information to them in countries that do not afford the same level of data protection as EU member states. Where your data is processed outside of the EU, we will ensure your personal information is protected by putting in place appropriate safeguards such as EU Commission Standard Contractual Clauses. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. Updating or requesting access to your personal information
To contact us, please email email@example.com
If your personal data changes or if you no longer wish to receive our service, please let us know and we will correct, update or remove your details. Under data protection law, individuals have the right to request access to information about them that we hold; again please let us know if you want to make a request
Your other data protection rights
By law you have certain other rights. These are to:
- be informed of how we are processing your personal information, which this is the key purpose of this Privacy Notice;
- request correction of your personal data corrected if it is inaccurate or incomplete;
- have your personal data erased in certain circumstances such as where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time of your request;
- restrict the use of the processing of your personal data in certain circumstances e.g. where you have told us information is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your information but will not process it further until we have checked and confirmed whether the information is inaccurate;
- object to the processing of your information in certain circumstances – e.g. you may object to processing of your information for direct marketing purposes;
- data portability: where you have provided us with personal information and we use this information either on the basis of your consent or to perform a contract with you, you have the right to receive your personal information from us in a commonly used and machine readable format, and the right to require us to transmit your personal information to someone else if it is technically feasible;
- object to decisions being taken by automated means; and
- to withdraw your consent at any time to processing where we are relying on consent as the lawful basis – e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you – We will let you know if this is the case at the time you withdraw your consent.
You also have the right to make a complaint at any time to your local data protection authority (a list and contact details of which is available here. We would, however, appreciate the chance to deal with your concerns so please contact us in the first instance.
We will send you marketing communications if you have signed up for them and where you have not opted out of receiving that marketing. You can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.
9. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Data retention
We will retain any personal data that you provide in accordance with applicable laws and our Data Retention Policy. Subject to applicable law, we will only retain your personal data on our systems for as long as is necessary for the relevant purpose for which it was collected. We will delete or destroy it when it is no longer required.
11. Changes to this privacy notice and your duty to inform us of changes
We keep our privacy notice under regular review. This version was last updated in [March 2019].
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.