Privacy Policy

Last updated: November 19, 2023

Welcome to Favelly! We respect your privacy and are committed to protecting your personal data. We treat your personal data in accordance with this privacy policy and applicable privacy laws and regulations (as defined below). Our business practice is to always inform you why we need your personal data, how we use it, how long we will retain it and your rights.

Please note that this privacy policy only applies to the processing of personal data when you access/use the website located at www.favelly.ch (“website”).


Table of Contents

  1. Definition
  2. Data controller
  3. How do we collect and use your personal data?
    1. Personal data you voluntarily submit through the website
    2. Personal data we collect automatically
  4. Retention of your personal data
  5. Disclosure of your personal data
  6. Transfer of data
  7. Your personal data rights
  8. Complaints
  9. U.S. privacy laws
  10. Security of personal data
  11. Third-party links
  12. Amendments
Personal data you voluntarily submit through the website


1. Definition


The following words, whenever used in this privacy policy, shall have the meaning
defined hereunder:


“Privacy Laws and Regulations” means all applicable privacy regulations and legislation, including the Federal Act on Data Protection, the General Data Protection Regulation 2016/679 (“GDPR”), the national legislation implementing GDPR and, to the extent applicable, the privacy laws of any other country where the customer is located.

“Product” refers to all skincare products listed/offered on the website.

“Controller,” “Data Subject,” “Personal Data,” “Processing,” “Processor,” “Supervisory Authority” shall have the same meaning as defined in the GDPR.

“Customer” refers to individuals who place an order through our website.

“Data Subject Request” means the exercise by a Data Subject of their rights in accordance with GDPR.

“EEA” means the European Economic Area.

“User”, “you” or “your” refers to a website visitor and/or customer, as the context dictates.


2. Data controller


The Data Controller is:


PALMITERI SOLUTIONS
Bümplizstrasse 185
Bern, 3018
Switzerland


Email: palmiteri.solutions@gmail.com


3. How do we collect and use your personal data


The personal data we collect from you is either voluntarily provided by you or automatically collected by us with your consent.
We collect your personal data when you browse through our website and consent to the use of cookies when you subscribe to our mailing list, when you sign up for an account on the website, when you place an order through the website, when you participate in our surveys or when you contact us with your enquiries or support requests.

 

3.1. Personal data you voluntarily submit through the website


Some elements of the personal data that you voluntarily submit through our website are necessary for us to provide you with the requested service, and some are optional. You voluntarily submit your personal data through the website as follows:


3.1.1. When you create an account on the website

When you create an account on the website, we request you provide us with your full name, email address and password.

We use this personal data to create your user account on the website, to send you account-related notices, to improve our understanding of your interests and preferences and for our internal business analysis purposes. Please note that we also gather usage data about you from your account, such as your past purchases, session data, products you browsed during your last session, abandoned carts, and other similar information.

Our legal basis for processing this personal data is the performance of
our contract with you.


3.1.2. When you place an order


When you place an order through the website, we collect personal data, including your full name, phone number, email address, shipping address, and billing address. Please note that although you provide your payment details when you place your order, all payment data is directly collected and processed by our third-party payment processor, and we do not store this data on our database.


We use this personal data to process your order, contact you regarding your order and process any returns and refund requests (if applicable).


Our legal basis for processing this personal data is the performance of our contract.


3.1.3. When you subscribe to our mailing list

When you subscribe to receive direct marketing communication from us, such as our newsletter, you provide us with your full name and email address. We will also receive information about your interactions with our marketing emails.


We use this personal data to send you marketing material that we think you will find interesting.


Our legal basis for processing this personal data is your consent. You are not under any obligation to subscribe to our mailing list, and you have the right to withdraw your consent at any time. To withdraw your consent, click the unsubscribe link at the bottom of our email.

 

3.1.4. When you contact us

When you contact us through the website or email, we collect your name, email address, and the content of your message.


We use this data to reply to you and take other related actions to service your request.


Our legal basis for processing this personal data is our legitimate interest, which does not override your rights as a data subject.

 

3.2. Personal data we collect automatically

When you browse through our website or interact with our emails, we may automatically collect some data about you through cookies. Please note that except for strictly necessary cookies which do not require your consent (ePrivacy Directive 2002/58 EC), your personal data is only processed with your consent, which you grant us when you accept our cookies.


We use cookies to:

 

  • Improve our understanding of our users/customers.
  • Offer a more personalised experience to our users when they return to our website.
  • Improve our marketing efforts, reach new audiences and increase our sales.


You can turn off cookies or remove them from your device by changing your browser settings at any time. To learn more about how you can manage cookies on your browser, please visit the applicable browser links provided hereunder:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Internet Explorer
  • Opera
  • Safari

Please note that blocking cookies may result in a poor user experience. To learn more about how to delete cookies, please visit
https://www.aboutcookies.org/how-to-delete-cookies/.

 

4. Retention of your personal data

We do not retain your personal data for longer than required for the initial purpose for which we collected it, and in no event do we retain it after we cease to have a legal basis for processing. Depending on the purpose of processing outlined in Section 3 above, we may retain your personal data as follows:


4.1. Personal data collected to process your order may be retained for up to ten years from your purchase date for accounting and legal compliance purposes.


4.2. Personal data that is processed to create and maintain your account will be retained for the entire term that you have an account on the website. Such data will be deleted within two years after the termination of your account, except if it is required for the establishment or defence of legal claims.


4.3. Personal data that is processed on the legal basis of your consent may be retained until such time that you withdraw your consent.


4.4. Personal data we process on the legal basis of our legitimate interest will be processed as long as we have a legitimate interest in such processing, provided it does not override your rights as a data subject.


4.5. Personal data processed to provide support service or communicate with you may be retained for the entire duration that you have a website account, and if you do not have an account, we will not retain this data for more than 60 days from the last communication date.

If we cease to have a legal basis for processing your personal data, we will either delete it or irreversibly anonymise it so that it cannot be linked back to you.


5. Disclosure of your personal data

We will never rent or sell your personal data. We may disclose your personal data to third parties in the following situations:


5.1. Third-Party Service Providers
We may engage third-party service providers to perform services on our behalf, including but not limited to web development, maintenance, order fulfilment, delivery, payment processing, marketing and support services.
Your personal data may be disclosed to such third-party service providers only to the extent required for them to perform relevant functions on our behalf. In no event will these service providers use your personal data for any purpose other than those specified in this privacy policy.


5.2. Commercial Transactions
In the event we enter into any commercial transaction, such as a merger, acquisition, sale, or purchase, all your personal data may be disclosed or transferred as part of such a commercial transaction.


5.3. Protection of Rights or Fulfilment of Legal Obligations
We will disclose your personal data to third parties in situations where we believe such disclosure is necessary to investigate or remedy any violations of our agreement or to protect our rights and the rights of others. We will also disclose your personal data in situations where we are required to do so by applicable law/regulation or legal process, such as to comply with a subpoena.


5.4. With Your Consent
We may share your personal data with third parties with your express consent.

6. Transfer of data
Although we aim to process your personal data within countries that are deemed to have adequate data protection by the European Commission, we may make use of some tools and services that are provided by some companies which are domiciled in countries that may not be deemed to have adequate data protection by the European Commission. When such tools/services are used by us, your personal data may be transferred and processed to such third countries in compliance with GDPR.



7. Your personal data rights

As a data subject, you have the following rights relating to your personal data:


7.1. Right to access your personal data
You have the right to request access to your personal data or a copy of your personal data by contacting us.

7.2. Right to rectification
If the personal data we process for you is incorrect, outdated, or incomplete, you may request us to rectify, update, or complete your missing personal data by contacting us.

7.3. Right to withdraw consent
To the extent the legal basis of our processing of your personal data is your consent, you have the right to withdraw your consent at any time. You can opt out of receiving marketing communication from us by clicking the ‘unsubscribe’ link at the bottom of our marketing emails. You can also block the use of our cookies to which you previously consented by accessing your browser settings.

7.4. Right to the erasure of personal data
In limited circumstances, you may exercise your right to request the erasure of your personal data, such as where your personal data is being processed unlawfully.
Please note that we may request you to provide proof of your identity before servicing your data subject requests.



8. Complaints

If you believe that your personal data rights are breached, we would truly appreciate it if you would contact us first to discuss the issue. Notwithstanding the foregoing, if you are in the EEA, you have the right to lodge a complaint with your local supervisory authority.



9. U.S. privacy laws


9.1. California Online Privacy Protection Act (CalOPPA)
We do not sell your personal data to any third parties. If you reside in the State of California, you have the right to request information regarding the disclosure of your personal data by the company to third parties for direct marketing purposes. If you wish to make a request, please contact us at the contact details provided in Section 2 of this Privacy Policy. We will make our best effort to respond to you within 20 business days.

You also have the right to request information about our privacy practices, how we collected your personal data, and with whom we share your personal data. You can obtain most of this information from Sections 3 and 5 of this privacy policy, and for any additional information, you may send us a support request.
CalOPPA also requires us to inform our users how we respond to Do Not Track (“DNT”) signals when the user visits our website. Please note that we currently do not respond to DNT signals.

9.2. Children’s Online Privacy Protection Act (COPPA)
COPPA puts parents in control of the collection of personal data from children under the age of thirteen. In compliance with the COPPA Rule, we do not knowingly collect any personal data from children under the age of 13. If you are a parent of a child who has submitted any personal data on the website, please contact us, and we will immediately investigate and delete any data relating to minors.

9.3. CAN-SPAM Act
In compliance with the CAN-SPAM Act, we agree that:

9.3.1. If a message we send you is an advertisement, we will identify it in a reasonable way.
9.3.2. We will enable you to unsubscribe from our emails using the unsubscribe link at the bottom of our email.
9.3.3. We will honour your decision to opt out of receiving emails from us.
9.3.4. We will not mislead you by using any misleading subjects or email addresses.
9.3.5. We will include our business address in our correspondence with you.



10. Security of personal data

The security of your personal data is important to us. We take all reasonable and financially viable steps to safeguard your personal data from any unauthorised access, use, modification, destruction, or loss. Any payment data transmitted through our website will be encrypted using SSL technology. We have integrated various security measures into the design of our website and in our day-to-day operations. Although we make our best effort to safeguard your personal data, you acknowledge that no mode of transmission over the Internet is one hundred per cent secure; therefore, we cannot offer you any guarantees as to the absolute security of your personal data. By using the website, you understand and accept that the transmission of data through the website is carried out at your own risk.



11. Third-party links

Our website may contain links that will redirect you to third-party websites. Such third-party websites are not owned or operated by us. These third-party websites are governed by their own legal terms and conditions and privacy policy. We advise our users to review all third-party legal agreements before making use of such websites.
You understand that the presence of any third-party links on our website does not constitute an endorsement of such a third party, and we cannot be held responsible for such a third party’s actions. Your decision to visit these third-party sites is entirely at your own risk.



12. Amendments

We reserve the right to make changes to this privacy policy by inclusion, modification, or removal of any part at any time. When we make any material changes to this privacy policy, we will notify you by email or by changing the last modified date on top of this privacy policy. You agree that it is solely your responsibility to review this privacy policy when you revisit the website. Your continued use of the website after we post the updated privacy policy will constitute your acceptance of such changes.