What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address or other details to help you with your experience.
In according to Law 15/1999, of December 13, on Protection of Personal Data (LOPD), and General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of April 27, 2016, informs that personal data that are requested in our forms or, that can be provided to us, through our email addresses, will be included in our personal data files, whose responsible and owner is ObeyYourBody®
However, when a user completes any of our application form with his personal data requested, under the GDPR, he must give an explicit consent, with a revocable nature, and without retroactive effects.
We inform you that all personal data will be treated under the most confidential and in accordance with current regulations on the protection of personal data.
ObeyYourBody® is not responsible for the processing of personal data of web pages that the user can access through the various links on our website.
When do we collect information?
We collect information from you when you register on our site, place an order, subscribe to a newsletter or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
- To administer a contest, promotion, survey or other site feature.
- To quickly process your transactions.
How do we protect your information?
We do not use vulnerability scanning and/or scanning to PCI standards.
An external PCI compliant payment gateway handles all CC transactions.
We do not use Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use ‘cookies’?
IS NECESSARY TO INFORM COOKIES:
- NAME COOKIES
- WHAT’S DOING THE COOKIES?
- Help remember and process the items in the shopping cart.
- Understand and save user’s preferences for future visits.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since the browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, It won’t affect the user’s experience.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We do not include or offer third-party products or services on our website.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our site but we may do so in the future.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Can change your personal information:
- By emailing us
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- Within 1 business day
We will notify the users via in-site notification
- Within 1 business day
Principles relating to the processing of personal data
The legal basis for the processing of personal data that we inform to you, that all personal data will be treated with the most confidentiality and, in accordance with, the new European regulations on the protection of personal data with GDPR, the applicable legislation for the collection and processing of personal data is as follows:
- Law 15/1999, of December 13, on Protection of Personal Data (PPD).
- General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of April 27, 2016.
- Other regulation about personal data in USA and Africa.
Purpose of the treatment
The data that we request is adequate and necessary for the purpose for which it is collected. Will not be used them for another purpose that which they have been granted, and in no case will be transferred to third parties, without the consent of the owner.
The user is not obligated to provide their personal data, however, that they are absolutely necessary to carry out the services we offer.
In accordance with the GDPR, the purpose for which personal data is collected is: Offer information about OBEY’s products
Unless, it will be considered necessary to fill in all the fields of each form, for which the user will have to provide us with true, exact, complete and updated information.
The user will be the owner’s responsibility for any damage, direct or indirect, caused to the provider or any third party, by filling out the forms with false, inaccurate, incomplete, when filling up or giving wrong o false data information.
ObeyYourBody® reserves the right to decide whether or not, to incorporate the personal data of these people into their files.
Rights of the data subject
ObeyYourBody® in relating to processing to the data subject has the obligation to the user to offer in a concise, intelligible and easily, accessible form, using clear and plain language. The information shall be provided by any appropriate means, including by electronic means. As a general rule, the controller shall provide the information in the same form as the request.
The user could exercise the rights specified above:
- The right of access by the data subject.
- Limitations to the right of access.
- Right to rectification or erasure of personal data and restriction of processing.
- Almost, the user could exercise of rights by the data subject and verification by the supervisory authority.