privacy policy
Section 1 - What do we do with your information?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer’s internet protocol (IP) (via cookies) address to provide us with information that helps us learn about your browser and operating system.
Email marketing (if applicable): With your permission, we may send you emails about our store, new products and other updates.
- We are committed to safeguarding the privacy of our website visitors and service users.
- This policy applies where we are acting as a data controller concerning the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. “Personal data” is defined in Article 4(1) of the GDPR:
- “(1) ‘personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
- We will ask you to consent to our use of cookies following the terms of this policy when you first visit our website. OR By using our website and agreeing to this policy, you consent to our use of cookies following the terms of this policy.
- Our website incorporates privacy controls that affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
- In this policy, “we”, “us” and “our” refer to Business Connect. For more information about us, see Section 10.
How we use your personal data
Article 13(1) of the GDPR provides that:
“(1) Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: … (c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; (d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party”.
Article 6(1)(f) of the GDPR provides that:
“(1) Processing shall be lawful only if and to the extent that at least one of the following applies: … (f) processing is necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
1.1 In Section 1 we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
1.2 We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is from cookies, as laid out in our cookie policy. This usage data may be processed to analyse the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services OR the consent given to us by you to process this data.
1.3 We may process your account data (“account data”). The account data may include your name and email address. The source of the account data is via forms on this website that you have filled in. The account data may be processed to operate our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract OR the consent given to us by you to process this data.
1.4 We may process your information included in your personal profile on our website (“profile data”). The profile data may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. The profile data may be processed to enable and monitor your use of our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract OR the consent given to us by you to process this data.
1.5 We may process your personal data that are provided in the course of the use of our services (“service data”). The service data may include name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details. The source of the service data is any forms filled in for subscriptions or similar services offered by this site. The service data may be processed to operate our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract OR the consent given to us by you to process this data.
1.6 We may process information that you post for publication on our website (or social media pages) or through our services (“publication data”). The publication data may be processed to enable such publication and administer our website and services. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract OR the consent given to us by you to process this data.
1.7 We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data”). The enquiry data may be processed for offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business OR the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract OR the consent given to us by you to process this data.
1.8 We may process information relating to transactions, including purchases of goods and services that you enter into with us and/or through our website (“transaction data”). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed to supply the purchased goods and services and keep proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business OR the consent given to us by you to process this data.
1.9 We may process information that you provide to us to subscribe to our email notifications and/or newsletters (“notification data”). The notification data may be processed to send you the relevant notifications and/or newsletters. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract OR the consent given to us by you to process this data.
1.10 We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed to communicate with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users OR the consent given to us by you to process this data.
1.11 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
1.12 We may process any of your personal data identified in this policy where necessary for obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
1.13 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
1.14 Please do not supply any other person’s personal data to us, unless you are legally authorised to do so.
1.15 We will not intentionally collect any data from persons under the age of 18. Our products and services are directed to persons who are at least 18 years of age or older.
Section 2 - Consent
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at contact@businessconnectworld.com
Your rights
Article 13(2) of the GDPR provides that, where personal data is collected from a data subject, certain information about data subject rights must be provided:
“In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: … (b) the existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to the processing as well as the right to data portability; (c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; …”.
Similar provisions are set out in Article 14 concerning personal data which is not collected from the relevant data subject.
2.1 In this Section 2, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
2.2 Before fulfilling a data subject’s right to:
- Access
- Rectification
- Erasure
- Restriction to processing
- Objection to processing
- Data portability OR
- Withdrawal of consent
The following information will be required to be sent to Business Connect by the person requesting the information:
A certified copy of your identity (passport or national identification card)
A certified copy of the physical address
Once these documents have been sent to us and verified with the relevant authorities, the request will be processed. We will charge an administrative fee for every request. The amount will be based on the charges incurred by us via our service providers (data processors), as well as any fees incurred by Business Connect in the processing of the requests, and will be passed onto the customer (data subject).
2.3 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
2.4 The right to access is set out in Article 15 of the GDPR. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you with a copy of your personal data.
2.5 The right to rectification is set out in Article 16 of the GDPR. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
2.6 The right to erasure (or right to be forgotten) is set out in Article 17 of the GDPR, and must be notified to data subjects under Articles 13(2)(b), 14(2)(c) and 15(1)(e) of the GDPR. In some circumstances, you have the right to the erasure of your personal data without undue delay, you withdraw consent to consent-based processing, you object to the processing under certain rules of applicable data protection law, the processing is for direct marketing purposes, and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information, For compliance with a legal obligation, or for the establishment, exercise or defense of legal claims.
2.7 Article 18(1) of the GDPR states:
“The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing according to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or reasons of important public interest.
2.8 The right to object to processing is detailed in Article 21 of the GDPR, and must be notified to data subjects under Articles 21(4), 13(2)(b) and 14(2)(c).
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
2.9 Article 21(3) of the GDPR states: “Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.”
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
2.10 This right is set out in Article 21(6) of the GDPR.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation unless the processing is necessary for the performance of a task carried out for reasons of public interest.
2.11 The right to data portability is set out in full in Article 20 of the GDPR, and must be notified to data subjects under Articles 13(2)(b) and 14(2)(c).
To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
2.12 The right to lodge a complaint with a supervisory authority is set out in Article 77 of the GDPR, and must be notified to data subjects under Articles 13(2)(d), 14(2)(e) and 15(1)(f).
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
2.13 Article 7(3) of the GDPR sets out the right of withdrawal. The right must be notified to data subjects under Articles 13(2)(c) and 14(2)(d). See also Article 17(1)(b).
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
2.14 You may exercise any of your rights concerning your personal data by emailing us at contact@businessconnectworld.com
Section 3 - Disclosure
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.
International transfers of your personal data
Article 13(1)(f) of the GDPR requires that data controllers disclose to data subjects “where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 [transfers subject to appropriate safeguards] or 47 [binding corporate rules], or the second subparagraph of Article 49(1) [limited transfers for compelling legitimate interests], reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available”.
3.1 In this Section 3, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
3.2 We and our other group companies have offices in The United States of America. The European Commission has made an “adequacy decision” concerning the data protection laws of each of these countries. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained from https://gdpr-info.eu OR http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32002D0002&qid=1415699250815.
3.3 The hosting facilities for our website are situated in The United States of America. The European Commission has made an “adequacy decision” concerning the data protection laws of each of these countries.
3.4 Mail Chimp, Google & Facebook are situated in the USA. The European Commission has made an “adequacy decision” concerning the data protection laws in this country. Transfers to this country will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission, a copy of which can be obtained from https://www.privacyshield.gov/participant?id=a2zt0000000TNSNAA4&status=Active
3.5 You acknowledge that personal data that you submit for publication through our website (or social media pages) or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. EG. Comments on our social media pages that are easily seen by other users of the social site.
Section 4 – WP Engine & PayPal
Our store is hosted on WP-Engine. They provide us with an online hosting platform that allows us to sell our products and services to you. Your data is stored through our website’s data storage, databases and the general website application. WP Engine store your data (that will be encrypted) on a secure server behind a firewall.
Payment:
This is handled via PayPal, with all payments being made through their highly secure payment services.
End-to-end encryption is an important element in helping keep your data and PayPal transactions secure. Our team of security and compliance experts is dedicated to educating customers on industry standards, and implementing methods like:
Secure HTTPS connections and strong TLS configurations. When you register or log into PayPal from your computer or mobile device, we make sure it’s a secure HTTPS connection (HSTS), and a strong TLS configuration*. Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. And, only allowing HTTPS connections helps to reduce your susceptibility to some passive and active attacks.
Key pinning. We implement key pinning when you access PayPal via an IOS or Android app. When your mobile device establishes a TLS connection, key pinning ensures it connects to a true PayPal server, instead of someone posing us.
Data protection compliance. We comply with stringent data protection requirements, while in transit and at rest, such as PCI-DSS. In addition to industry and regulatory encryption requirements, PayPal’s Information Security Policies and Controls are reviewed by independent third parties to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE16 SOC1, AT101 SOC2, Sarbanes-Oxley.
As such no payment information is gathered or stored on the www.aquatabs.us website during the purchase process.
Section 5 - Third-Party Services
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand how your personal information will be handled by these providers.
In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Providing your personal data to others
Article 13(1)(e) of the GDPR requires that where personal data are collected from the data subject, the data controller must provide the data subject with information about “the recipients or categories of recipients of the personal data”.
Equivalent rules for data collected from someone other than the data subject are in Article 14(1)(e).
5.1 We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal basis, set out in this policy.
5.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or an administrative or out-of-court procedure.
5.3 We may disclose account data to our suppliers or subcontractors insofar as reasonably necessary for fulfilling our obligations to you with regards to the service/s you have requested.
5.4 Financial transactions relating to our website and services [are] OR [may be] handled by our payment services providers, such as PayPal. We will share transaction data with our payment services providers only to the extent necessary for processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
5.5 We may disclose your enquiry data to one or more of those selected third party suppliers of goods and services identified on our website to enable them to contact you so that they can offer, market and sell to you relevant goods and/or services. Each such third party will act as a data controller concerning the enquiry data that we supply to it; and upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party’s use of your personal data.
5.6 In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or an administrative or out-of-court procedure.
Section 6 - Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
Section 7 – Retaining and deleting personal data
Article 5(1)(e) of the GDPR sets out the storage limitation, one of the fundamental rules of the regime:
“Personal data shall be: … kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes by Article 89(1) subject to the implementation of the appropriate technical and organisational measures required by this Regulation to safeguard the rights and freedoms of the data subject … “.
7.1 This Section 7 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations concerning the retention and deletion of personal data.
7.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.3 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:
(a) the period of retention of (but not limited to) account, profile or service data will be determined based on the consent given to us by the customer or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
7.4 Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
Section 8 - Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence. Business Connect will not actively engage or collect any data belong to persons under the age of 18. You may not use our services if you are under the age of 18.
Section 9 - Changes To This Privacy Policy
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Section 10 - Questions & Contact Information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at info@aquatabs.us
This website is operated and owned by:
Business Connect
Section 11 - Credits
This document was created using a template from SEQ Legal (https://seqlegal.com)