Yoma Soul is committed to safeguarding your privacy and this policy provides you with details of how we collect and process your personal data.
Yoma Soul is the data controller and we are responsible for your personal data.
We use ‘legitimate interests’ as a lawful basis to process your data. This means we use your data in ways that you would reasonably expect for the purposes of fulfilling a contract with you, building a relationship with you and marketing occasional and relevant product information to you (no more than one email marketing communication per month.) We have carried out a legitimate interests assessment (LIA) a copy of which is available on request.
Our email address is: admin@yomasoul.co.uk
Our postal address is: Yoma Soul, Unit 11 Langham Barns, Langham Lane, Langham, Colchester, Essex, CO4 5ZS
Complaints
If you are not happy with any aspect of how we collect and use your data please contact us so that we can try to resolve your issue. You have the right to complain to the ICO – Information Commissioner’s Office, which is the UK supervisory authority for data protection issues. www.ico.org.uk
Sensitive Data
We do not hold any sensitive Data. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions or offences.
Credit/debit card payments
All credit and debit card payments are processed via Stripe secure website. Yoma Soul does not store card details either digitally or manually and are fully compliant with the Payment Card Industry Data Security Standard (PCI DSS)
2) HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when legally permitted. We do not pass your details onto any third parties.
This lawful processing based on legitimate interests includes; registering you as new customer, processing and delivering your order, financial transactions and managing payments and collections of money owed to us.
We will also use legitimate interests as a lawful basis to process your data to manage our relationship with you. This would include notifying you about changes to our terms and conditions and privacy policy, asking you to leave a review and sending you occasional and relevant direct marketing about our products that may be of interest to you by post, telephone or email. You will be offered the opt out option with every marketing communication and will no longer receive any if you choose to unsubscribe.
We may use Google Analytics to improve our websites by understanding how the user navigates our sites. The user’s IP address is not visible to us.
Please refer to our separate cookie policy for how cookies are used on our websites.
We will not share your personal data with any third parties for marketing purposes unless we have received your express opt in consent beforehand.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data we have carried out and maintain a data processing inventory/audit. We consider the quantity, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means as well as the applicable legal requirements.
By law we have to keep basic information about our customers (including contact details, identity, financial and transaction data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see below for more information.
3) YOUR LEGAL RIGHTS
Under certain circumstances you have rights under data protection laws in relation to your personal data. These include the right to:
Request access or transfer of your personal data
Request correction or erasure of your personal data
Object to processing of your personal data based on legitimate interests
Request restriction of processing your personal data based on legitimate interests